Cyber Kill Chain

Definition of Cyber Kill Chain

The Cyber Kill Chain is a framework used to describe the stages of a cyberattack, which helps in understanding and countering threats. Developed by Lockheed Martin, it consists of seven phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. This model helps organizations to identify and respond to security breaches by tracking an attacker’s progress and implementing appropriate defense mechanisms.


The phonetic pronunciation for the keyword “Cyber Kill Chain” is:Sigh-burr Kill Chain

Key Takeaways

  1. The Cyber Kill Chain is a framework to help understand and defend against cyber threats, by breaking down a cyber attack into seven chronological stages.
  2. It enables security professionals to identify, prevent, and mitigate cyber attacks by detecting them at each stage and implementing appropriate countermeasures.
  3. Applying the Cyber Kill Chain model helps organizations to improve their cybersecurity posture, reducing the probability of successful attacks and limiting their potential impact.

Importance of Cyber Kill Chain

The technology term “Cyber Kill Chain” is important because it provides a comprehensive framework for understanding and addressing cyber attacks.

Developed by Lockheed Martin, the Cyber Kill Chain outlines the sequential stages that an attacker progresses through to ultimately compromise a target.

By breaking down the attacker’s tactics and methodologies into distinct phases, security professionals can identify vulnerabilities, implement appropriate defenses, and respond effectively to cyber threats.

This approach streamlines communication and collaboration among cybersecurity teams, making it possible to develop more robust and proactive defenses.

Ultimately, the Cyber Kill Chain model enhances an organization’s ability to detect, prevent, and remediate potential cyber attacks, contributing to a more secure digital environment.


The Cyber Kill Chain is a framework developed by Lockheed Martin, which is primarily intended for the identification, prevention, and mitigation of potential cyber threats in a systematic manner. The main purpose of this framework is to provide organizations with a step-by-step guide to understanding an attacker’s movements and strategies, thus enabling them to better defend their networks and protect sensitive data. By analyzing the stages of an attack, security professionals can develop efficient and targeted countermeasures, reducing the chances of successful cyber intrusions.

More importantly, the Cyber Kill Chain also serves as a foundation for proactive cybersecurity measures to improve an organization’s overall resilience and to strengthen its capacity to anticipate cyberattacks. In practice, the Cyber Kill Chain breaks down the stages of a cyberattack into seven distinct steps: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. During the reconnaissance phase, attackers gather information on their target to identify vulnerabilities.

In the weaponization stage, they create malware or other means to exploit these weaknesses. The delivery phase involves sending the weaponized payload to the target, while exploitation focuses on compromising the system. With the installation of the malware, attackers can then establish command and control, allowing them to communicate with the compromised system.

Finally, during the actions on objectives phase, the attacker pursues the intended goal, which could involve data theft, disruption, or other damaging actions. Understanding these stages equips security professionals with valuable insights, enabling them to counteract threats and implement more effective defensive strategies.

Examples of Cyber Kill Chain

The Cyber Kill Chain is a framework developed by Lockheed Martin to identify and prevent cyber intrusions at different stages. It divides a cyber attack into seven distinct phases, helping organizations understand and respond to threats effectively. Here are three real-world examples of how the Cyber Kill Chain was used to analyze and mitigate cyber attacks:

Target Data Breach (2013):In 2013, US retail company Target suffered a massive data breach, where hackers stole credit card information and personal details of millions of customers. By employing the Cyber Kill Chain, investigators identified the attack stages: the initial intrusion occurred through a spear-phishing email sent to a third-party HVAC contractor, which enabled the attackers to gain access to Target’s internal network, execute custom point-of-sale malware, and exfiltrate the stolen data.

Sony Pictures Hack (2014):In 2014, Sony Pictures Entertainment experienced a severe cyber attack that led to the theft of sensitive data, including unreleased movies, employee personal information, and internal emails. The attackers also damaged the company’s IT infrastructure by deploying destructive malware. The Cyber Kill Chain analysis revealed that the attackers gained access through a spear-phishing campaign, deployed malware to maintain a foothold within the network, moved laterally to gather the desired information, and ultimately leaked the data to the public.

WannaCry Ransomware Attack (2017):The WannaCry ransomware attack in 2017 affected over 230,000 computers across 150 countries, crippling critical infrastructure services, hospitals, and businesses. During the analysis of this attack, the Cyber Kill Chain helped cybersecurity professionals to identify the stages of the attack. The initial stage was the exploitation of a vulnerability in the Windows operating system’s Server Message Block (SMB) protocol. Subsequently, the malware was delivered, installed, and executed, reaching the last stage of the kill chain, where it encrypted files and demanded ransom payments in Bitcoin.

Frequently Asked Questions: Cyber Kill Chain

What is the Cyber Kill Chain?

The Cyber Kill Chain is a framework created by Lockheed Martin that describes the various steps an attacker goes through to successfully carry out a cyberattack. The purpose of understanding this process is to help organizations identify, prevent, and respond to cyber threats more effectively

What are the phases of the Cyber Kill Chain?

The Cyber Kill Chain consists of seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives. Each phase represents a stage that cyberattackers go through to infiltrate, compromise, and cause damage to their target’s systems or network.

How can organizations use the Cyber Kill Chain?

Organizations can use the Cyber Kill Chain concept to improve their cybersecurity posture by identifying vulnerabilities in their systems and network, developing effective strategies to mitigate risks, and enhancing their incident response capabilities. By understanding the various stages an attacker must pass through, organizations can better establish security measures that make it more difficult for an attacker to move through their network.

What is the difference between the Cyber Kill Chain and the MITRE ATT&CK framework?

Both the Cyber Kill Chain and the MITRE ATT&CK framework are tools to help cybersecurity professionals better understand and combat threats. The Cyber Kill Chain focuses on the high-level phases an attacker goes through, while the MITRE ATT&CK framework is a more comprehensive and detailed taxonomy of various attack tactics, techniques, and procedures. The MITRE ATT&CK framework can be used in addition to the Cyber Kill Chain to aid organizations in providing a complete understanding of cyber threats.

Can the Cyber Kill Chain be applied to all types of cyberattacks?

The Cyber Kill Chain is a flexible framework that can be adapted to the specific needs of an organization or threat landscape. It can be customized to include more detailed information about specific attack techniques, and it can be used in conjunction with other cybersecurity frameworks and tools to build a comprehensive defense strategy. While the Cyber Kill Chain primarily focuses on advanced threats, the principles can be applied to various types of cyberattacks, helping organizations to better defend against a wide range of threat actors.

Related Technology Terms

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation

Sources for More Information


About The Authors

The DevX Technology Glossary is reviewed by technology experts and writers from our community. Terms and definitions continue to go under updates to stay relevant and up-to-date. These experts help us maintain the almost 10,000+ technology terms on DevX. Our reviewers have a strong technical background in software development, engineering, and startup businesses. They are experts with real-world experience working in the tech industry and academia.

See our full expert review panel.

These experts include:


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

More Technology Terms

Technology Glossary

Table of Contents