The cyber kill chain is a model that describes the attack process on IT systems and identifies the stages that an attacker goes through to carry out a successful attack. It consists of the following phases:
- Reconnaissance: gathering information about the target to develop an attack plan.
- Weaponization: The creation of malware or other attack tools.
- Delivery: transferring the malware to the target, e.g. via email attachments or social engineering.
- Exploitation: using a vulnerability in the system to gain access.
- Installation: Install malware on the target system.
- Command and control (C2): Transmission of commands and data to and from controlled systems.
- Actions on objectives: execution of the attacker’s desired actions on the targets, e.g., data theft or system takeover.