Contact Us Today 01642 716680

Cyber Kill Chain

Definition: The Cyber Kill Chain is a model developed by Lockheed Martin that outlines the stages of a cyber attack, from initial reconnaissance to the accomplishment of the attack's goal (typically data exfiltration or system compromise). It serves as a framework for understanding the sequence of events involved in a cyber intrusion and for developing preventive and defensive strategies.

The Cyber Kill Chain framework breaks down an attack into seven distinct stages: reconnaissance, weaponisation, delivery, exploitation, installation, command and control (C2), and actions on objectives. By analysing each stage, security professionals can identify and disrupt the attack process, ideally before attackers achieve their ultimate objectives.

This model helps in creating layered defensive strategies that address threats at each step of the chain. Although the Cyber Kill Chain has been widely adopted and praised for its structured approach to security, it has also faced criticism for its linear progression model, which does not always represent the fluid nature of cyber attacks.

Key Characteristics:

  • Proactive Defense: Provides a structure for identifying potential threats and tactics before an attack is successful.
  • Step-by-Step Analysis: Enables detailed examination of an attacker’s progress through successive stages.
  • Strategic Countermeasures: Helps in developing targeted defensive strategies at each stage of the intrusion.
  • Disruptive Tactics: Aims to disrupt or halt the attack process at any point along the chain.


  • Real-World Example: A company applies the Cyber Kill Chain model to strengthen its email filters and user training after identifying that phishing emails are the primary attack delivery method for spear-phishing campaigns.
  • Hypothetical Scenario: An attacker conducting a ransomware campaign is thwarted during the weaponisation stage due to robust endpoint security software, preventing the delivery and subsequent encryption of the target’s data.

Related Terms:

  • Reconnaissance: The first step in the Cyber Kill Chain, where attackers gather information about their targets.
  • Advanced Persistent Threat (APT): A category of threat that often follows a similar progression to the Cyber Kill Chain, involving long-term, strategic assaults on specific targets.
  • Indicator of Compromise (IoC): Evidence on a computer or network that indicates a potential breach of security, which can be identified at various stages of the Cyber Kill Chain.

Related Services:

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.