Overview

The Cyber Kill Chain is an intrusion model, originally published by Lockheed Martin, that breaks an attack into a linear sequence of phases an adversary must complete in order to achieve their objective. The core idea is that the attacker has to succeed at every phase, so a defender who can detect or block any single phase stops the intrusion, and every phase the attacker is forced to repeat costs them time and exposes more indicators to the defender.

The Seven Steps

  1. Reconnaissance: Researching and selecting targets, e.g., harvesting email addresses from public sources, profiling staff on social media, and probing Internet-facing systems for software versions and exposed services.
  2. Weaponization: Coupling an exploit with a payload into a deliverable object (e.g., a malicious PDF or Office document). This happens on the attacker's side, so defenders rarely observe it directly; its traces are the artifacts (document metadata, tooling fingerprints) found later.
  3. Delivery: Transmitting the weaponized object to the target, e.g., as an email attachment, via a malicious or compromised website, or on removable media.
  4. Exploitation: The malicious code triggers on the victim's system and exploits a vulnerability in an application or the operating system (or relies on the user to run it) to gain code execution.
  5. Installation: The attacker installs a backdoor or other malware that persists across reboots (e.g., a Run key, scheduled task or service), giving them ongoing access to the host.
  6. Command and Control (C2): The compromised system 'beacons' out to attacker-controlled infrastructure for instructions, typically at a regular interval; once this channel is up the intruder effectively has hands on the keyboard inside the network.
  7. Actions on Objectives: The attacker achieves their actual goal, e.g., collecting and exfiltrating data, moving laterally to other systems, or destroying or disrupting them.

Importance

By mapping their preventive and detective controls, and the indicators each one produces, to the individual phases of the Kill Chain, organizations can see which phases are unmonitored and decide for each phase how to detect, deny, disrupt, degrade or deceive the adversary. Because every phase must succeed, evidence found at a late phase (for example a beaconing host) can be traced backwards to the delivery and exploitation that preceded it, and the earliest phase with a detectable trace is the earliest point at which the chain could have been broken. One caveat: the model describes a single intrusion, and a campaign commonly runs the chain many times, including from an internal foothold against other hosts.
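The following is an added example, not code from the original page or from Lockheed Martin, showing how the seven steps above and the gap-mapping idea in this section look in practice: a small Python script tags a constructed stream of events from three hypothetical sensors ("mail", "edr", "proxy"; the source names, field names, thresholds and all sample events are assumptions) with Kill Chain phases, detects the Command and Control phase from the regularity of outbound beacon intervals, and reports which phases produced no evidence at all.

```python
# Added example: tagging a constructed event stream with Cyber Kill Chain phases.
# Sensor names, field names and thresholds are hypothetical, not from any product.
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Chain order matters: the earliest phase with evidence is the earliest point
# at which a defender could have broken the chain.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

@dataclass
class Event:
    ts: int            # seconds since epoch (constructed values below)
    source: str        # "mail", "edr" or "proxy" (hypothetical sensor names)
    kind: str
    data: dict = field(default_factory=dict)

OFFICE_PARENTS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
RISKY_EXT = (".pdf", ".docm", ".xlsm", ".js", ".iso")
EXFIL_BYTES = 10 * 1024 * 1024  # an upload of 10 MiB or more counts as potential exfiltration

def detect_beacons(events, min_count=5, max_cv=0.2):
    """Return {(host, dest)} pairs whose outbound requests are suspiciously regular.

    Beaconing C2 polls at a fixed interval plus small jitter, so the coefficient
    of variation (stdev / mean) of the gaps between requests is close to zero,
    whereas human browsing is bursty and irregular.
    """
    by_pair = defaultdict(list)
    for e in events:
        if e.source == "proxy":
            by_pair[(e.data["host"], e.data["dest"])].append(e.ts)
    beacons = set()
    for pair, stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            beacons.add(pair)
    return beacons

def tag_event(e, beacons):
    """Map one event to a Kill Chain phase, or None if it is not evidence."""
    d = e.data
    if e.source == "mail" and d.get("external") and d.get("attachment", "").lower().endswith(RISKY_EXT):
        return "Delivery"                      # weaponized attachment arrives from outside
    if e.source == "edr" and e.kind == "process_create":
        if d["parent"].lower() in OFFICE_PARENTS and d["image"].lower() in SCRIPT_CHILDREN:
            return "Exploitation"              # document viewer spawning a script host
    if e.source == "edr" and e.kind == "registry_set" and "\\currentversion\\run" in d["key"].lower():
        return "Installation"                  # persistence via a Run key
    if e.source == "proxy" and (d["host"], d["dest"]) in beacons:
        if d.get("bytes_out", 0) >= EXFIL_BYTES:
            return "Actions on Objectives"     # bulk upload to known C2 infrastructure
        return "Command and Control"
    return None

def map_to_phases(events):
    """Group evidence by phase; phases with no evidence are reported as empty lists."""
    beacons = detect_beacons(events)
    phases = {p: [] for p in PHASES}
    for e in events:
        phase = tag_event(e, beacons)
        if phase:
            phases[phase].append(e)
    return phases

def earliest_phase(events):
    """Earliest phase in chain order that left a detectable trace, or None."""
    phases = map_to_phases(events)
    return next((p for p in PHASES if phases[p]), None)

# Constructed sample: one workstation, one phishing chain, plus benign browsing.
SAMPLE = [
    Event(0, "mail", "received", {"external": True, "attachment": "invoice.pdf", "rcpt": "ws01"}),
    Event(60, "edr", "process_create", {"host": "ws01", "parent": "AcroRd32.exe", "image": "powershell.exe"}),
    Event(120, "edr", "registry_set", {"host": "ws01", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"}),
] + [
    Event(t, "proxy", "http", {"host": "ws01", "dest": "203.0.113.10", "bytes_out": 400})
    for t in (300, 605, 900, 1203, 1498, 1800)       # ~300 s beacon with a few seconds of jitter
] + [
    Event(2100, "proxy", "http", {"host": "ws01", "dest": "203.0.113.10", "bytes_out": 50_000_000}),
] + [
    Event(t, "proxy", "http", {"host": "ws01", "dest": "www.example.com", "bytes_out": 300})
    for t in (10, 20, 400, 410, 1900)                # irregular, human-looking browsing
]

if __name__ == "__main__":
    for phase, evs in map_to_phases(SAMPLE).items():
        print(f"{phase:22s} {len(evs)} event(s)")
    print("earliest observable phase:", earliest_phase(SAMPLE))
```

On the sample, Reconnaissance and Weaponization come back empty, which is the expected gap for a target that has no external sensor for those phases; the beacon detector flags only the 203.0.113.10 series, and the earliest observable phase is Delivery, i.e., the mail gateway is where this chain could first have been broken. Real sensors will need tuning of the jitter threshold and minimum request count, since both slow beacons and heavily jittered ones can fall below the regularity test.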

Related Terms