Cyber Security

The Kill Chain - How Hackers Steal Your Data

Branko Ninkovic
March 29, 2019

Have you ever taken the time to think about how hackers end up inside your organisation? This thought process is the first place to start when looking at creating your security roadmap – by thinking like a hacker, you can create strategies in preventing them from infiltrating into your systems.

In all cases, hackers follow the one same approach from infiltration to exfiltration and is commonly referred to as a Kill Chain, a concept derived from the Lockheed Martin Cyber Kill Chain®.

The Kill Chain is a protocol which details the step-by-step approach a hacker performs to penetrate a target and takes in all the process from their initial reconnaissance around their target to their final actions and objectives.

For most CEOs and directors, the use of military terms such as weaponisation, command and control may be overkill (pun intended) so I have simplified the chain down to 3 core steps in line with business-friendly terms

Reconnaissance, Breach and Monetisation.


The first step for a hacker is to collect and ascertain information or intelligence on the people and systems with the end goal to have sufficient information to aid and launch their attack. Hackers will start with the Internet and social media to profile key personnel and to profile the business.

From the intelligence they gather during the reconnaissance, the hacker will develop their attack approach based of the information collected before moving to the breach step.


Based on the intelligence gathered, the hacker puts into motion the plan developed to infiltrate the target.  

With persistence, combined with lax security or lack of internal awareness, the hacker finds a means to gain a beachhead into your systems with an objective of remaining undetected whilst they explore your systems looking for valuable data or means to create destruction based on their motives.


Once the hacker has a beachhead into your systems, they can delve deeper into your systems across the organization and are in a position to prepare for data exfiltration (or data/systems destruction).

By this stage, a competent, professional hacker would have established a secure communication backchannel to an outside server they control (compromise to prevent future identification) and would commence their of transfer data - credit card numbers, emails, passwords, IP and any valuable files from the corporate network to their external, compromised server. Once extracted, the captured data is readied for sale on the dark web to the highest bidder.

In a follow-up post, I will talk about how an organisation can break the kill chain, and how to respond when you have identified a breach.

Next steps

Our intimate knowledge of the strategies used by Hackers to breach systems goes a long way towards building cyber resilience. Take advantage of our expertise by booking your Free 30-minute consultation to help you clarify your next steps, identify quick wins and compliment your current activities.