Systems infected through targeted phishing campaigns act as an entry point for attackers to spread throughout an organization’s entire enterprise, steal sensitive business or personal information, or disrupt business operations.
Read more here – https://www.us-cert.gov/ncas/alerts/TA15-213A