What is the Cyber Kill Chain?

The cyber kill chain is a model that describes the attack process on IT systems and identifies the stages that an attacker goes through to carry out a successful attack. It consists of the following phases:

1. Reconnaissance: gathering information about the target to develop an attack plan.
2. Weaponization: The creation of malware or other attack tools.
3. Delivery: transferring the malware to the target, e.g. via email attachments or social engineering.
4. Exploitation: using a vulnerability in the system to gain access.
5. Installation: Install malware on the target system.
6. Command and control (C2): Transmission of commands and data to and from controlled systems.
7. Actions on objectives: execution of the attacker’s desired actions on the targets, e.g., data theft or system takeover.