During a post-breach analysis, a cybersecurity analyst discovers that an attacker leveraged scheduled tasks to execute malicious payloads after initial compromise. Which MITRE ATT&CK tactic BEST describes this observed behavior?
Discovery
Privilege Escalation
Persistence
Credential Access