Table of Contents
    Home / Definitions / Cyber Kill Chain
    Security 1 min read

    A kill chain is used to describe the various stages of a cyber attack as it pertains to network security. The actual model, the Cyber Kill Chain framework, was developed by Lockheed Martin and is used for identification and prevention of cyber intrusions.

    The actual steps in a kill chain trace the typical stages of a cyber attack from early reconnaissance to completion where the intruder achieves the cyber intrusion. Analysts use the chain to detect and prevent advanced persistent threats (APT).

    The 7 steps of The Cyber Kill Chain

    According to Lockheed Martin’s APT documentation, the seven steps of the Cyber Kill Chain include the following:

    1. Reconnaissance – Example: harvest email accounts
    2. Weaponization – Example: couple an exploit with a backdoor
    3. Delivery – Example: deliver bundle via email or Web
    4. Exploitation – Example: exploit a vulnerability to execute code
    5. Installation – Example: Install malware on target
    6. Command and Control – Example: Command channel for remote manipulation
    7. Actions on Objectives – Example: Access for intruder to accomplish goal

    Cyber Kill Chain

    Image Source: Seven Ways to Apply the Cyber Kill Chain; Lockheed Martin Corporation.

    Cyber Kill Chain is a registered trademark of Lockheed Martin Corporation.