The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.


“A Cyber Kill Chain reveals the stages of cyberattack from early reconnaissance to the goal of data exfiltration.  The kill chain can also be used as a management tool to help continuously improve network defense”1

The cyber kill chain was developed by Lockheed Martin which is used to describe the various stages of a cyber attack as it pertains to network security.  It is used for identification and prevention of cyber intrusions.

The 7 steps of the kill chain includes:  reconnaissance which involves the harvesting of email addresses, conference information and other pertinent information; weaponization which contain coupling exploit with backdoor into deliverable payload; delivery which consist of delivering weaponized bundle to victim via email, web, USB and other similar means; exploitation which exploits a vulnerability to execute code on victim’s system; installation which installs malware on the asset; command and control (C2) which is the command channel for remote manipulation of victim; and actions on objectives with ‘hands on keyboard’access, intruders accomplish their original goals


PNP personnel and the public are advised to follow the tips for intelligence reconstruction:

  • Defenders must always analyze backward to understand earlier steps in the kill chain. The threats will come back again.  Learn how they got in and block it for the future.
  • Blocked intrusions are equally important to analyze in depth to understand how the intrusion would have progressed.
  • Measure effectiveness of your defenses if it progressed. Deploy mitigations to build resilience for tomorrow.

For additional information, please refer to the following websites:



Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.