Skip to content

SVAPE&C – The Hacker Attack Cycle

This page has technical background information on the hacker attack cycle - click here to go back to home page:


The criminal hacker is ultimately trying to access and then control your computers:


The above diagram is from Mandiant's thorough report  Mandiant APT1 Report on how Chinese hackers stole data from US companies.

We translate this diagram into easier to understand English


Scan first (check what ports are open - tcp/udp 1-65536 - there are 65536 ports on the IPv4 standard as 2 bytes create the number 2^16=65536) doing an initial scan allows the hacker to plan the next moves/

Vulnerability Analysis   Analyse the port and review how it  behaves, assess the potential attack angles)

Penetrate (use the Vulnerability analysis to find an attack that wil succeed)

Exploit (attack and get on the system)

& Control   (keep accessing the hacked computers)


The criminal hacker has a goal and the goal is to attack and control the computer. In the future the criminal hacker can then sell this control, either to attack other computers or to sell the rights to it.

There have been instances in the past where a piece of malware did not do much right away. Only after some time the system downloads more software for cryptolocker for example. Now your system has Cryptolocker because it was sold from one criminal hacker to another (in the Darkweb)

And as you may know once your system has Cryptolocker your world changes as all your files become encrypted and thus unusable without a decryption code which has to be bought from the criminal.  Paying the ransom does not guarantee decryption.

Latest discussion of the DarkWeb on our Blog post from May 27:

Last updated 10/31/15