Cyber Kill Chain

Developed by Lockheed Martin, the Cyber Kill Chain provides a framework for the life cycle of a cyberattack. The framework gives security analysts a different perspective, helping them understand the attacker's techniques and processes. Below is a brief description of the phases of the Cyber Kill Chain (Sager, 2014):

| Phase | Description |
|---|---|
| Reconnaissance | Researches the target and its vulnerabilities |
| Weaponization | Generates malware to exploit vulnerabilities |
| Delivery | Malware is transmitted to target |
| Exploitation | Malware is triggered |
| Installation | Malware installs backdoor |
| Command and Control | Hacker can type commands |
| Action on Objectives | Hacker attempts to achieve the objectives of the attack |

It is important to note that the Cyber Kill Chain focuses heavily on intrusion techniques. The first six steps of the model cover the intrusion aspects of the attack, while the last step covers its purpose, a step that can often last for months while attackers slowly meet their objectives. Cybersecurity analysts need to understand every step of the Cyber Kill Chain in order to better predict, intercept, and learn to defend against attackers.
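As an added example (not part of the original article), the sketch below tags alerts with the seven phases from the table and reports, per host, how far along the chain activity has been seen and which earlier phases produced no alert. The function name `summarize`, the host names and the alert records are all constructed for illustration.

```python
from collections import defaultdict

# The seven phases, in the order given in the table above.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Action on Objectives",
]
RANK = {name: i for i, name in enumerate(PHASES)}

# Constructed sample alerts: (host, ISO timestamp, phase, sensor message).
SAMPLE_ALERTS = [
    ("ws-017", "2024-03-04T09:12:00", "Delivery", "mail gateway: suspicious attachment"),
    ("ws-017", "2024-03-04T09:15:00", "Exploitation", "EDR: office app spawned script host"),
    ("ws-017", "2024-03-04T09:40:00", "Command and Control", "proxy: periodic beaconing"),
    ("db-02", "2024-03-05T02:00:00", "Reconnaissance", "IDS: external port sweep"),
    ("fs-01", "2024-03-06T23:30:00", "Action on Objectives", "DLP: bulk archive upload"),
]

def summarize(alerts):
    """Per host: first alert time, deepest phase seen, undetected earlier phases."""
    seen = defaultdict(set)
    first = {}
    for host, ts, phase, _msg in alerts:
        if phase not in RANK:
            raise ValueError(f"unknown phase: {phase!r}")
        seen[host].add(phase)
        first[host] = min(ts, first.get(host, ts))  # ISO strings sort by time
    report = {}
    for host, phases in seen.items():
        deepest = max(phases, key=RANK.get)
        # A gap means no alert fired for that phase, not that it never happened.
        gaps = [p for p in PHASES[:RANK[deepest]] if p not in phases]
        # First six phases are intrusion; the last is the attacker's objective.
        status = "objectives" if deepest == PHASES[-1] else "intrusion"
        report[host] = {"first_seen": first[host], "deepest": deepest,
                        "gaps": gaps, "status": status}
    return report

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_ALERTS).items()):
        print(host, info)
```

Weaponization takes place on the attacker's side, so it will normally appear in the gap list; the other gaps are the phases where an earlier interception was missed.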

References

Sager, T. (2014, July). Killing advanced threats in their tracks: An intelligent approach to attack prevention. www.sans.org/reading-room/whitepapers/analyst/killing-advanced-threats-tracks-intelligent-approach-attack-prevention-35302