Kill Chain (Cyber Kill Chain)

A framework describing the stages of a cyberattack, from reconnaissance to achieving objectives, used to improve defensive strategies.

What is the Cyber Kill Chain?

The Cyber Kill Chain, developed by Lockheed Martin, is a framework that describes the stages of a cyberattack. Understanding these phases helps defenders identify and stop attacks at various points in the sequence.

Kill Chain Stages

  1. Reconnaissance: Attacker researches target
    • Gathering email addresses, network info, vulnerabilities
  2. Weaponization: Creating attack tools
    • Developing malware, creating exploit payloads
  3. Delivery: Transmitting weapon to target
    • Phishing emails, malicious websites, USB drops
  4. Exploitation: Triggering the attack
    • Exploiting vulnerabilities, executing code
  5. Installation: Establishing persistence
    • Installing backdoors, malware, rootkits
  6. Command & Control (C2): Establishing communication
    • Setting up channels for remote control
  7. Actions on Objectives: Achieving goals
    • Data theft, destruction, ransomware deployment

Defensive Strategies

Each stage offers defensive opportunities:

  • Detect: Identify attacker activity
  • Deny: Prevent attack success
  • Disrupt: Interrupt attack progress
  • Degrade: Reduce attack effectiveness
  • Deceive: Mislead attackers
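
To make the "Detect" opportunity concrete, the following added example (not part of the original entry or of Lockheed Martin's material) tags constructed alerts with the stage names listed above, then reports per host the furthest stage reached and the earlier stages that produced no alert. The host names, timestamps and the rule that Delivery is the first stage observable on a defended host are assumptions made for illustration.

```python
from collections import defaultdict

# The seven stages, in the order the glossary entry lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command & Control", "Actions on Objectives"]
RANK = {name: i for i, name in enumerate(STAGES)}
# Assumption: Delivery is the first stage that leaves traces on a defended host.
FIRST_OBSERVABLE = RANK["Delivery"]

# Constructed sample alerts: (timestamp, host, stage the detection rule is tagged with).
ALERTS = [
    ("2024-05-01T09:02:00", "ws-17", "Delivery"),
    ("2024-05-01T09:05:00", "ws-17", "Exploitation"),
    ("2024-05-01T09:40:00", "ws-17", "Command & Control"),
    ("2024-05-01T10:15:00", "srv-03", "Command & Control"),
    ("2024-05-01T11:00:00", "srv-03", "Actions on Objectives"),
    ("2024-05-01T12:30:00", "ws-22", "Delivery"),
]

def summarize(alerts):
    """Per host: furthest stage alerted on, first alert time, and earlier stages with no alert."""
    seen, first_alert = defaultdict(set), {}
    for ts, host, stage in alerts:
        seen[host].add(RANK[stage])
        first_alert[host] = min(ts, first_alert.get(host, ts))
    report = {}
    for host, ranks in seen.items():
        furthest = max(ranks)
        # Earlier observable stages without an alert are detection gaps.
        missed = [STAGES[r] for r in range(FIRST_OBSERVABLE, furthest) if r not in ranks]
        report[host] = {"furthest": STAGES[furthest], "first_alert": first_alert[host],
                        "missed": missed}
    return report

def triage(report):
    """Hosts ordered by how far along the chain they are, then by number of gaps."""
    return sorted(report, key=lambda h: (-RANK[report[h]["furthest"]],
                                         -len(report[h]["missed"]), h))

if __name__ == "__main__":
    report = summarize(ALERTS)
    for host in triage(report):
        print(host, report[host])
```

A host whose first alert is already at Command & Control, with every earlier stage missed, points to detection coverage that needs work at Delivery, Exploitation and Installation.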