The 2019 Global Threat Report by CrowdStrike shows that Russian hacking groups with ties to Moscow are able to start moving laterally across a compromised network less than 20 minutes after gaining a first foothold. This average “breakout time” is far faster than that of state-backed hackers from other US adversaries. North Korean hackers take 2 hours longer to achieve lateral movement, while Chinese hackers need a total of about 4 hours and Iranian threat actors require over 5 hours. Cybercriminals take close to 10 hours.
While the researchers had expected Russian hackers to clinch the top spot, CrowdStrike CTO Dmitri Alperovitch explained that they were surprised “how fast they can move inside a network once they get a foothold.” He said that the North Korean edge over China “is likely due in part to North Korean actors having almost 20 years of experience in pursuing a very aggressive cyber offensive program,” adding that he considers North Korean hackers “the most innovative threat actors in terms of their use of cyber offensive operations.” All four countries are notorious for hacking operations that target government agencies and businesses around the world.