At what stage do attackers carry out their intended actions in the cyber kill chain?

The stage in the cyber kill chain where attackers carry out their intended actions is known as "Actions on objectives." This phase occurs after an attacker has successfully gained access and established control over a target system. During this stage, the attackers implement their goals, which could include exfiltrating data, deploying malware, disrupting services, or otherwise achieving the specific objectives of their attack.

In the cyber kill chain model, each phase builds on the previous one, leading up to this critical point where the attacker can execute their planned actions. Understanding this stage is vital for cybersecurity professionals as it emphasizes the importance of detection and response efforts during and after an attack, focusing on limiting damage and recovering from the incident.

The other stages mentioned serve different purposes in the overall attack strategy. For example, "Installation" refers to the phase where malware is placed on the target system to establish a foothold, while "Command and control" involves the establishment of channels for the attacker to communicate and control compromised systems. "Exploitation" is the phase where vulnerabilities are exploited to gain access. Each of these stages contributes to the overall attack framework, but it is during "Actions on objectives" that the true intent of the attacker is realized.