The Cyber Kill Chain specifies seven steps (or phases) and sequences that a threat
actor must complete to accomplish an attack:
1 Reconnaissance – The threat actor performs research, gathers intelligence, and selects targets.
2. Weaponization – The threat actor uses the information from the reconnaissance phase to develop
a weapon against specific targeted systems.
3. Delivery – The weapon is transmitted to the target using a delivery vector.
4. Exploitation – The threat actor uses the weapon delivered to break the vulnerability and gain
control of the target.
5. Installation – The threat actor establishes a back door into the system to allow for continued
access to the target.
6. Command and Control (CnC) – The threat actor establish command and control (CnC) with the
7. Action on Objectives – The threat actor is able to take action on the target system, thus achieving
the original objective.