"Actions on Objectives" is the seventh and final step of the Cyber Kill Chain. At this point, the attacker takes the actions planned at the first stages of the cyber attack. The attacker goes through numerous phases each of which needs to be accomplished succesfully before getting to this step. Therefore, the attacker can carry on the desired operations on the system.
When the attackers reach this level, their targeted moves may differ. At this step, the attackers’ actions are determined by their purpose and motivation. If the attacker's primary goal is to cause system damage, they may delete critical information, as an example. The following are some of the steps that the attacker can conduct at this stage:
At this stage, blue teams may need to take different actions based on each particular process to detect and stop attacker activity. First and foremost, the system must be regularly monitored. It may be possible to identify malicious activity on the system in this way. After the detection phase, the detected action should be followed by the appropriate action. One of the most fundamental measures that SOC teams may take is to prevent attackers from exfiltrating data from the organization to outside. Because data leakage is one of the most common cyber attack outcomes today. The following are some measures that are to be taken at this stage: