Russian hackers move within victims' systems less than 19 minutes after entering, report finds

Russian-backed hackers are able to enter and then move through their victims' networks significantly faster than actors from any other major nation, according to a new report released Tuesday.

This means the hackers are likely able to collect valuable data before they're discovered and forced to stop, the report from security firm CrowdStrike found.

It said that it takes Russian actors less than 19 minutes to move within a network that they’ve compromised. That’s much less time than the next fastest-moving hackers out of North Korea, who generally take about two hours and 20 minutes to make their next move within a victim’s system.

The Chinese were found to be the next fastest, with hackers from that country accessing another part of a network about four hours after having initially compromised it.


The CrowdStrike report states that there could be several unknown reasons why a hacker might not immediately move to another system once they’ve accessed a victim’s network. But the researchers noted that cyber actors likely have to move faster to avoid being detected and blocked as security measures in cyberspace improve.

Determining how quickly hackers move within networks is likely useful for companies that want to track how quickly they're able to find, investigate and block hackers, CrowdStrike found.

"Speed is essential in cybersecurity — for both offense and defense," the report states, saying that hacking groups are often ranked by "how rapidly they can achieve their objectives."

U.S. officials have increasingly warned of cyberattacks from adversaries like Russia, China, Iran and North Korea.

The CrowdStrike report similarly focused on actions stemming from those four countries, but noted that there are other cyber activities tied to other nations.