Attack chain

An attack chain is the sequential series of phases an adversary follows, from reconnaissance to achieving their objective. Defenders use it to understand, detect, and disrupt cyber threats.

An attack chain is a cybersecurity risk concept that describes the sequential phases an adversary follows to achieve a malicious objective, such as data exfiltration or system compromise. Often synonymous with the cyber kill chain, it typically progresses through reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally actions on objectives. This structured framework is essential for threat intelligence and risk management, enabling security teams to understand how attacks unfold from initial preparation to final impact.

By mapping adversarial tactics, techniques, and procedures (TTPs) to each stage of the attack chain, organizations can implement targeted countermeasures, improve threat detection, and optimize incident response. Identifying where an attacker is within the chain allows defenders to disrupt campaigns before they reach their objective, strengthening overall cyber resilience and supporting a proactive security posture.
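The mapping described above can be sketched in a few lines. This is an added example, not part of the original entry: it places each host's alerts on the seven phases named here, reports the furthest phase reached, and lists earlier phases that produced no alert (detection gaps). The rule names, host names and alerts are constructed, and treating weaponization as unobservable (it happens on the adversary's side) is an assumption of the example.

```python
from collections import defaultdict

# Phases in the order this entry lists them.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]
# Assumption: weaponization happens off-network, so defenders have no telemetry for it.
UNOBSERVABLE = {"weaponization"}

# Hypothetical detection-rule names mapped to phases (constructed for this example).
RULE_TO_PHASE = {
    "external_port_scan": "reconnaissance",
    "phishing_attachment_delivered": "delivery",
    "office_spawned_script_host": "exploitation",
    "new_autorun_entry": "installation",
    "periodic_beacon_to_rare_domain": "command and control",
    "bulk_outbound_transfer": "actions on objectives",
}

# Constructed sample alerts: (timestamp, host, rule).
ALERTS = [
    ("2024-01-10T09:02:00", "ws-014", "phishing_attachment_delivered"),
    ("2024-01-10T09:05:00", "ws-014", "office_spawned_script_host"),
    ("2024-01-10T09:40:00", "ws-014", "periodic_beacon_to_rare_domain"),
    ("2024-01-10T08:00:00", "web-01", "external_port_scan"),
    ("2024-01-10T10:00:00", "ws-022", "unknown_rule"),
]

def chain_position(alerts):
    """Return (per-host report, alerts whose rule has no phase mapping)."""
    seen, unmapped = defaultdict(set), []
    for ts, host, rule in alerts:
        phase = RULE_TO_PHASE.get(rule)
        if phase is None:
            unmapped.append((ts, host, rule))  # surface unmapped rules, do not drop them
            continue
        seen[host].add(PHASES.index(phase))
    report = {}
    for host, idxs in seen.items():
        furthest = max(idxs)
        # Earlier observable phases with no alert: the attacker passed them unseen.
        gaps = [PHASES[i] for i in range(furthest)
                if i not in idxs and PHASES[i] not in UNOBSERVABLE]
        # The next observable phase is where disruption should be prepared.
        nxt = next((p for p in PHASES[furthest + 1:] if p not in UNOBSERVABLE), None)
        report[host] = {"furthest": PHASES[furthest], "gaps": gaps, "next": nxt}
    return report, unmapped

if __name__ == "__main__":
    for host, info in chain_position(ALERTS)[0].items():
        print(host, info)
```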