An attacker has successfully exploited a vulnerability on a server. To ensure continued access even if the server is rebooted or the initial vulnerability is patched, the attacker modifies system startup files and adds a new service. In which stage of the Cyber Kill Chain is the attacker operating?
The correct answer is 'Installation'. This stage of the Cyber Kill Chain involves installing malware, creating backdoors, or making other system changes to establish and maintain a persistent foothold in the target environment. Reconnaissance is the initial information-gathering phase. Command and Control (C2) is the subsequent stage where the installed malware communicates with the attacker for remote control. Actions on Objectives is the final phase where the attacker carries out their ultimate goal, such as data exfiltration.