Computer Network Exploitation

Computer Network Exploitation (CNE), refers to a kind of cyberattack involving the infiltration and compromise of computer networks, devices, or systems for espionage.

Computer network exploitation is carried out by a host of entities, from cyber criminals to Advanced Persistent Threat (APT) groups and even nation-states. It is considered illegal unless on special grounds when law enforcement needs to take down criminals.

Examples of computer network exploitation

  • Data breach: Here, the hacker can exploit any flaws in the target organisation’s systems or network to gain unauthorised access and retrieve sensitive data such as intellectual property, financial records, and other classified documents.
  • Advanced persistent threat (APT): In this example, A nation-state or criminal organisation carries out an extensive and stealthy campaign over a long period to infiltrate a specific corporation or government body.
  • Keyloggers: The hacker sends a phishing email containing an infected file, which the victim will inadvertently download and set off an automatic installation process. Once installed, it can store all your keystrokes and steal your login details.
  • Zero-day exploitation: With the knowledge of any hidden weaknesses in the system, the hacker can exploit the gaps to compromise the system. 
  • Remote access trojans (RATs): Here, the hacker installs malware in the target’s computer to gain remote access over it.
  • Man-in-the-middle (MITM) attack: Hackers effectively intercept correspondence between two parties and can steal sensitive information by eavesdropping. 
  • Packet sniffing: Here, the hackers can find a way into your system’s infrastructure and capture network traffic.
  • Steganography: With steganography, hackers hide harmful data in seemingly legitimate and safe files. Once the target opens the files, they unwittingly download harmful payloads designed to wreck their accounts.  
  • Watering hole attacks: Using websites the target frequently visits, hackers can compromise those sites to get to their targets. All the while the victim has no clue where or what the real attacker is.