Advanced Persistent Threat Simulation

Visualizing the attack lifecycle from phishing to data exfiltration

The lifecycle is laid out in two columns: attacker actions on the left, the corresponding effect on the victim on the right, with a status indicator after each stage.

Phase 1: Crafting Phishing Email (attacker)
    Email subject: "Urgent Notice: Abnormal Login Alert on Your Alibaba Cloud Account"
    Mimics the official Alibaba Cloud template, requesting "immediate account verification"
    Attachment: disguised as a PDF/Word document
    Link: points to a phishing site on a typo-squatted domain

Victim Action (victim)
    Opens the email and views its contents
    Clicks the link or downloads the attachment
    Triggers execution of the malicious payload

Phase 2: Malicious Payload Execution (attacker)
    Malicious document downloads and executes code
    Phishing site steals the user's credentials
    Establishes a communication channel with the attacker

System Compromise (victim)
    PC executes the malicious code
    Attacker gains control of the system
    Status: Malware Active

Phase 3: C2 Implantation (attacker)
    Deploys a backdoor program
    Configures persistence mechanisms
    Sets up a reverse proxy to disguise communication

System Persistence (victim)
    Backdoor program remains active
    Attacker maintains continuous control
    Status: C2 Active, Beaconing

Phase 4: Credential Theft (attacker)
    Steals browser cookies and saved passwords
    Searches for and exfiltrates SSH keys
    Prepares credentials for lateral movement

Data Compromise (victim)
    Browser cookies stolen
    SSH keys compromised
    Attacker prepares for network penetration
    Status: Credentials Stolen

Phase 5: Browser Proxy Pivoting (attacker)
    Routes the victim's browser traffic through the attacker's server
    Accesses internal applications:
        SSH management platforms
        Internal document systems
    Captures sensitive information in real time

Network Penetration (victim)
    Attacker masquerades as a legitimate user
    Sensitive data captured in real time
    Internal network access achieved
    Status: Internal Access, Traffic Proxied

Phase 6: Lateral Movement & Data Exfiltration (attacker)
    Uses stolen SSH credentials to access servers
    Scans the internal network for additional targets
    Attempts privilege escalation
    Steals and exfiltrates sensitive data

Full Network Compromise (victim)
    Servers under attacker control
    Sensitive data stolen
    Attacker maintains persistent access
    Status: Breach Complete

Attack Lifecycle Timeline

Phase 1: Phishing Email - attacker crafts a convincing phishing email
Victim Action - victim opens the email and interacts with its content
Phase 2: Payload Execution - malicious code executes on the victim's system
System Compromise - attacker gains an initial foothold
Phase 3: C2 Implantation - backdoor installed for persistent access
Persistence - continuous attacker control established
Phase 4: Credential Theft - cookies, SSH keys, and passwords stolen
Data Compromise - credentials available for lateral movement
Phase 5: Browser Pivoting - internal network accessed via proxy
Network Penetration - internal applications compromised
Phase 6: Lateral Movement - servers accessed, data exfiltrated
Full Breach - network fully compromised
