What type of attack did Malcolm perform by using stolen credentials to intrude into an organization's network?

The scenario describes Malcolm utilizing stolen credentials to gain unauthorized access to an organization's network, which is best categorized as authentication hijacking. This type of attack occurs when an attacker takes over a session or gains access by exploiting legitimate user credentials, often leading to unauthorized operations within the network.

Authentication hijacking emphasizes the act of using valid user credentials to authenticate and infiltrate secured systems, thereby leveraging the trust the system has in the rightful owner of those credentials. It highlights that the attacker does not need to bypass the authentication mechanism but rather exploits the valid authentication information already compromised.

While session hijacking often involves taking over a legitimate user session after initially gaining access, it is more about controlling an already established session rather than the act of stealing credentials. Phishing refers to the technique used to obtain credentials and is often a precursor to such attacks but does not describe the act of using those credentials to gain access. Credential stuffing specifically involves using a large number of stolen credentials to access multiple accounts, which is not the case here since Malcolm is using specifically stolen credentials to intrude into one specific network.