It's for post-exploitation, all the "crunchy outside, chewy interior" 90s style insecure enterprise networks separated from the elements by a perimeter firewall have 10.x ipv4 addressing.
I don't think anything changed in this respect since the 90's.
(Well, except we have more of the nu-style "expose all ports to the Internet and protect them with an HTML form and a q1w2e3 password, #yolo" corporate networks.)
(Well, except we have more of the nu-style "expose all ports to the Internet and protect them with an HTML form and a q1w2e3 password, #yolo" corporate networks.)