A security team receives a ticket to investigate suspicious emails sent to company employees from...

The Delivery phase of the Cyber Kill Chain is the stage where an attacker transmits a malicious payload to the target. In phishing attacks, this typically occurs through email messages containing malicious links or attachments sent to intended victims.

In this scenario, the phishing emails were identified and blocked by the organization’s email antivirus solution before they reached users or were interacted with. This indicates that the attack was mitigated during the delivery phase, as the malicious content was stopped in transit and never executed on the target systems.

Weaponization refers to the creation of malicious payloads, which occurs before delivery. Command and Control involves establishing remote communication with compromised systems, which requires successful execution. Actions on Objectives represent the final stage where attackers achieve their goals, such as data theft or account compromise.

Cybersecurity operations fundamentals emphasize that email security controls are designed to disrupt attacks as early as possible in the kill chain. Blocking phishing emails at delivery significantly reduces risk and prevents downstream compromise.

Therefore, the correct answer is Delivery.