What Is the Cyber Kill Chain?

 By Charles Joseph | Cybersecurity Advocate
 Last update: November 25, 2023

The Cyber Kill Chain is a process used to describe the stages of a cyber attack. It was developed by Lockheed Martin in 2011 and is now widely used by security professionals, organizations, and government agencies.

The Kill Chain consists of seven phases:

  1. Reconnaissance – profile your target, gather information; document publicly available system and network configuration
  2. Weaponization – identify an exploit, or create one yourself; couple it with a payload that’s delivered after successful exploitation
  3. Delivery – “deliver” or send the exploit to your target
  4. Exploitation – execute the exploit on the target
  5. Installation – now that the exploit has executed, gain persistence by installing backdoors
  6. Command and control (C2) – create a method of communication between yourself and the target; this usually occurs via a C2 node
  7. Actions on objectives – complete your objective(s), e.g., exfiltrate data

Understanding each phase of the attack lifecycle and identifying methods for stopping an attack before it reaches its goal or objective can help protect an organization from cyber attacks.
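One defensive use of the seven phases, shown as an added example that is not from the original article: group alerts by host, find how far along the chain each intrusion has progressed, and list the earlier phases that produced no alert. The host names, alert descriptions, and the assumption that each alert already carries a phase tag are constructed for illustration.

```python
from collections import defaultdict

# The seven phases, in the order the article lists them.
PHASES = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]
RANK = {name: i for i, name in enumerate(PHASES)}

# Constructed sample alerts (not real data): (host, phase, description).
# Assumption: the detection source has already tagged each alert with a phase.
ALERTS = [
    ("web01", "reconnaissance", "port scan from a single external address"),
    ("web01", "delivery", "request with suspicious payload blocked at WAF"),
    ("hr-laptop7", "delivery", "email attachment flagged by mail gateway"),
    ("hr-laptop7", "installation", "new autorun entry created"),
    ("hr-laptop7", "command_and_control", "periodic beacon to unknown domain"),
]

def summarize(alerts):
    """Per host: the deepest phase seen and the earlier phases with no alert."""
    seen = defaultdict(set)
    for host, phase, _description in alerts:
        if phase not in RANK:
            raise ValueError(f"unknown phase: {phase}")
        seen[host].add(phase)
    report = {}
    for host, phases in seen.items():
        deepest = max(phases, key=RANK.__getitem__)
        # Earlier phases without an alert are visibility gaps. Weaponization
        # happens on the attacker's side, so it will normally appear here.
        missed = [p for p in PHASES[:RANK[deepest]] if p not in phases]
        report[host] = {"deepest": deepest, "missed": missed}
    return report

def triage_order(report):
    """Hosts sorted so the intrusion closest to its objective comes first."""
    return sorted(report, key=lambda h: RANK[report[h]["deepest"]], reverse=True)

if __name__ == "__main__":
    rep = summarize(ALERTS)
    for host in triage_order(rep):
        print(host, rep[host])
```
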

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional