Introducing Operational Phases
In a cyber operation, there are phases that occur, moving from operation conception to operational action. These phases each contain a serial chain of logically connected activities aimed at a singular or cumulative goal.
A phase is usually marked by achievement of one or more significant intermediary objectives. A phase may be limited by time or by objective achievement. From a strategic perspective, a phase may continue for months or even years.
Not all phases occur between the victim and the attacker.
An example is a cyber operation aimed at achieving intial access into a victim. The preparation phase may take weeks, months or even years to complete. In most cases, its weeks to months, but iterating though the stages of intel gathering, ops planning, logistics, and assembly is where the time investment happens. Very little of this is visible to the ultimate victim barring them engaging the service of a very competant intelligence company.