The cybercriminals behind the attacks targeting the Times appeared to be very well funded and sophisticated, security experts said. Once a cybercriminal has remote access to a victim's machine, more malware is used to achieve the objectives. Investigators discovered 45 pieces of custom malware designed to conduct a number of activities associated with cybercriminal activity. Keyloggers record keystrokes on the victim's machine. Data stealers scan email messages and copy other documents on the victim's machine. At an often programmed time, typically during a period of inactivity on the victim's computer, the malware will send the data to a remote server, where the cybercriminals can retrieve it.