1. Research
In the research phase the attacker investigates the target thoroughly, for example by going through its social media presence. Strictly speaking this is reconnaissance (open-source intelligence, OSINT) rather than social engineering; social engineering is the later step in which the collected information is used to manipulate people. Because nearly everyone uses social media, it is an excellent source of information for attackers as well: names, job roles, colleagues, suppliers and current projects are often public.
2. Phishing campaign
Once the target has been investigated, a phishing campaign is built around the findings. It may be aimed at an individual, an organization or even a whole sector. Increasingly, attackers use spear phishing, in which the e-mail is tailored entirely to the recipient (a known colleague as sender, a project the recipient actually works on). This significantly increases the chance of success.
3. Phishing e-mail
The phishing e-mail induces the target to click a link. The victim ends up on a page controlled by the attacker, often without noticing: the link may open a legitimate-looking website in the foreground while the attacker's page is loaded behind it, for example in a hidden iframe or through a redirect. Nothing has to be visible to the user.
4. Exploit kit
From that page the attacker's exploit kit scans the visitor: it fingerprints the browser and its plug-ins to determine the weaknesses of the target's system, for example an old version of Java, an Adobe plug-in or Office, and then selects an exploit that matches the detected version. Keeping these components updated, or removing plug-ins that are not needed, takes away the foothold the kit is looking for.
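The hand-off in steps 3 and 4 usually leaves a trace in the HTML of the page the victim was sent to: an iframe with zero size or hidden by CSS, or a meta refresh, pointing at a host other than the one the page was served from. The following added example (not code from the original page or from any product it describes) parses a page with Python's standard library and reports such loaders. The sample page and every host name in it are constructed for the example; the thresholds (1 px or less counts as invisible) are an assumption a real scanner would tune.

```python
"""Find hidden iframes and off-site redirects in a landing page (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a legitimate-looking invoice portal with a hidden
# iframe and a meta refresh pointing at an exploit-kit landing page.
# All host names are invented for the example.
SAMPLE_HTML = """<html><body>
<h1>Invoice portal</h1>
<iframe src="https://legit-invoices.test/widget" width="600" height="400"></iframe>
<iframe src="http://landing.ek-sample.test/gate.php" width="0" height="0"
        style="display:none"></iframe>
<iframe src="about:blank" width="1" height="1"></iframe>
<meta http-equiv="refresh" content="0; url=http://landing.ek-sample.test/redir">
</body></html>"""


class HiddenLoaderFinder(HTMLParser):
    """Collects iframes that are invisible or load from another host, and
    meta-refresh redirects that send the visitor off-site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}  # value-less attrs become ""
        if tag == "iframe":
            src = a.get("src", "")
            reasons = []
            if self._is_tiny(a):
                reasons.append("zero-size")
            if self._is_css_hidden(a.get("style", "")):
                reasons.append("css-hidden")
            if self._is_offsite(src):
                reasons.append("off-site")
            if reasons:
                self.findings.append({"tag": "iframe", "src": src, "reasons": reasons})
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s]+)", a.get("content", ""), re.I)
            if m and self._is_offsite(m.group(1)):
                self.findings.append({"tag": "meta-refresh", "src": m.group(1),
                                      "reasons": ["off-site-redirect"]})

    @staticmethod
    def _is_tiny(a):
        """True if width or height is 1px or less (assumed invisible)."""
        def dim(value):
            try:
                return float(value.strip().rstrip("px%"))
            except ValueError:
                return None  # missing or non-numeric dimension
        w, h = dim(a.get("width", "")), dim(a.get("height", ""))
        return (w is not None and w <= 1) or (h is not None and h <= 1)

    @staticmethod
    def _is_css_hidden(style):
        s = style.replace(" ", "").lower()
        return "display:none" in s or "visibility:hidden" in s

    def _is_offsite(self, url):
        """Relative URLs and about:blank have no host and are not off-site."""
        host = urlparse(url).hostname
        return bool(host) and host.lower() != self.page_host


def find_hidden_loaders(html, page_host):
    """Parse `html` as served by `page_host`; return the suspicious loaders in page order."""
    parser = HiddenLoaderFinder(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for hit in find_hidden_loaders(SAMPLE_HTML, "legit-invoices.test"):
        print(hit["tag"], hit["src"], ", ".join(hit["reasons"]))
```

The visible widget frame on the same host is not reported; the 0x0 frame is reported for three reasons at once, the 1x1 `about:blank` frame only for its size (it has no host, so it cannot be off-site), and the meta refresh for sending the visitor to another host. A real scanner would also follow JavaScript-driven redirects, which this parser does not see.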
5. Dropper file
The attacker uses a weakness in the target system to get in, by having the exploit download and run a dropper file. Because the dropper is fetched over an SSL/TLS connection to the attacker's own server, firewalls and intrusion-detection systems that do not inspect encrypted traffic cannot see the payload and have trouble intercepting it. Only a proxy that terminates TLS, or protection on the endpoint itself, gets a look at the file.
6. Call Home
The dropper communicates back to the attacker's server, the command & control (C2) server. This tells the attacker that the break-in succeeded, and from then on the system can be controlled remotely through scripts. Getting to this point relies on a set of techniques that, for example, give control over memory or escalate to administrator (root) rights. Because the code runs inside a legitimate application, such as the browser or one of its plug-ins, it is not recognized as malicious. Examples are heap spraying and stack pivoting (memory-corruption techniques used while exploiting the vulnerable application), SEH overwrite (the technique that the SEHOP mitigation in Windows is designed to block) and DLL hijacking (tricking a trusted program into loading the attacker's library, typically to gain persistence or higher rights). The call-home traffic itself usually looks like ordinary HTTPS, but a dropper typically checks in at a fixed interval, and that regularity is something a defender can look for.
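The regular check-in described above is the part of the "call home" step that shows up in a web-proxy or firewall log even when the content is encrypted. The following added example (not code from the original page or from any product) groups requests by client and destination host and flags pairs whose inter-request intervals are nearly constant. The log format, the host names and the log lines are all constructed for the example, and the thresholds (at least 6 requests, coefficient of variation of the intervals at most 0.2) are assumptions to be tuned against a real environment.

```python
"""Spot command & control beaconing in web-proxy logs (added example)."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in an invented, simplified proxy format:
#   <ISO timestamp> <client ip> <method> <host> <status>
# 10.0.0.7 browses a normal site at irregular moments and, in between,
# a dropper calls home to update.evil-c2.test roughly every 60 seconds.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:00:00 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:00:03 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:00:12 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:01:01 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:01:45 10.0.0.7 GET www.news-sample.test 304
2024-03-01T09:01:59 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:03:02 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:04:00 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:04:58 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:06:01 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:07:00 10.0.0.7 POST update.evil-c2.test 200
2024-03-01T09:07:30 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:07:31 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:15:02 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:40:10 10.0.0.7 GET www.news-sample.test 200
2024-03-01T09:00:05 10.0.0.9 GET update.evil-c2.test 200
"""


def parse_proxy_log(text):
    """Group request timestamps by (client, host); skip blank or malformed lines."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, _method, host, _status = parts
        events[(client, host)].append(datetime.fromisoformat(ts))
    return events


def interval_stats(timestamps):
    """Mean gap in seconds between consecutive requests and its coefficient
    of variation (population stdev / mean). Needs at least two timestamps."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return mean, float("inf")  # a burst within one second is not a beacon
    return mean, statistics.pstdev(gaps) / mean


def find_beacons(text, min_events=6, max_cv=0.2):
    """Return (client, host) pairs that contact a host at near-constant intervals.

    min_events and max_cv are assumed thresholds; tune them per environment."""
    hits = []
    for (client, host), stamps in parse_proxy_log(text).items():
        if len(stamps) < max(min_events, 2):
            continue
        mean, cv = interval_stats(stamps)
        if cv <= max_cv:
            hits.append({"client": client, "host": host, "events": len(stamps),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['host']}: {hit['events']} requests, "
              f"period {hit['period_s']}s, cv {hit['cv']}")
```

On the sample the news site is not flagged (its intervals vary by an order of magnitude), the single request from 10.0.0.9 is below the event threshold, and the dropper's check-ins come out with a period of about 60 seconds and a coefficient of variation below 0.05 despite the few seconds of jitter. In production the same logic needs an allow-list for legitimate periodic traffic (software updaters, mail clients, monitoring agents), and attackers can widen the jitter, so treat this as one signal among several rather than a verdict.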
7. Data Theft
The final step is the phase in which the attacker achieves the actual objective. That objective may be stealing data, activating ransomware, or logging all activity on the system, in which case the malware functions as spyware.