
Iyanifa
Cyber Kill Chain
The Cyber Kill Chain is a model developed by Lockheed Martin to outline the stages of a cyber attack. It consists of seven steps: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives. By breaking down the attack process, the Cyber Kill Chain helps security teams identify and respond to threats more effectively at each stage. The goal is to detect and disrupt attackers before they can achieve their objectives, such as data theft or system damage.

An example of the Cyber Kill Chain:

- Reconnaissance: An attacker researches potential targets, collecting email addresses from a company’s website.
- Weaponisation: A malicious attachment is created.
- Delivery: The attacker sends a phishing email containing the attachment to the target.
- Exploitation: The recipient opens the attachment, activating malware.
- Installation: The malware is installed on the victim’s computer.
- Command and Control: The attacker establishes remote control over the compromised system.
- Actions on Objectives: Sensitive data is exfiltrated from the system.
For more details, visit: Lockheed Martin Cyber Kill Chain
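
As an added illustration (not code from Lockheed Martin or from this page), the Python below tags constructed alerts with the seven stages listed above and reports, per host, the first stage detected, the furthest stage reached, and any stages in between that raised no alert. Host names, timestamps and alert descriptions are invented sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# The seven stages in the order the page lists them.
STAGES = ["reconnaissance", "weaponisation", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]

# Constructed sample alerts: (timestamp, host, description, stage).
# Hosts, times and descriptions are invented for illustration.
ALERTS = [
    ("2024-05-01T09:02", "ws-17", "mail gateway: macro attachment delivered", "delivery"),
    ("2024-05-01T09:16", "ws-17", "EDR: new autorun entry created", "installation"),
    ("2024-05-01T09:20", "ws-17", "proxy: periodic beacon to unknown host", "command and control"),
    ("2024-05-01T10:05", "ws-22", "mail gateway: macro attachment delivered", "delivery"),
]

def chain_progress(alerts):
    """Per host: first stage alerted on, furthest stage reached, and the
    stages in between that produced no alert (detection gaps)."""
    seen = defaultdict(set)
    for _time, host, _desc, stage in alerts:
        if stage not in STAGES:
            raise ValueError(f"unknown stage: {stage!r}")
        seen[host].add(STAGES.index(stage))
    report = {}
    for host, idx in seen.items():
        first, furthest = min(idx), max(idx)
        gaps = [STAGES[i] for i in range(first, furthest) if i not in idx]
        report[host] = {"first_detected": STAGES[first],
                        "furthest": STAGES[furthest],
                        "gaps": gaps}
    return report

def triage_order(report):
    """Hosts furthest along the chain first: they are closest to the
    attacker's objective and need containment soonest."""
    return sorted(report, key=lambda h: STAGES.index(report[h]["furthest"]),
                  reverse=True)

if __name__ == "__main__":
    rep = chain_progress(ALERTS)
    for host in triage_order(rep):
        print(host, rep[host])
```

A gap such as the missing exploitation alert on ws-17 shows a stage the attack passed through without being detected, which is where additional monitoring would give an earlier chance to disrupt it.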
The Cyber Kill Chain and MITRE ATT&CK are both frameworks designed to counter cyber threats, but they have distinct approaches.
- The Cyber Kill Chain, developed by Lockheed Martin, outlines seven linear stages of a cyber attack, from reconnaissance to the attacker achieving their goal. It focuses on detecting and disrupting attacks at various points.
- The MITRE ATT&CK framework is more detailed, mapping out adversaries' real-world tactics and techniques post-compromise, giving defenders granular insights into attacker behaviours within compromised environments.

While both are valuable, MITRE ATT&CK offers a deeper analysis of attacker methods after initial access.

See MITRE ATT&CK
