In four steps an attacker not only gain access to your internal resources but is also capable of hiding malicious code for later use. Following a phishing attack, the malware exploits your systems and drops a backdoor that allows for later access to your systems. Through this illicit access the attacker can upload tools, steal data and perfom many other malicious activities.
Read more here – http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/