Victims of Russian state-sponsored hacking have just 19 minutes to react before the initial intrusion moves on to wider access, theft, and destruction, according to a startling report from cyber security firm CrowdStrike.
In comparison, the second-fastest groups were North Koreans, who needed an average of two hours to jump from the first compromised computer to the second; Chinese groups needed an average of four hours, Defense One reported.
"Breakout time" refers to the amount of time it takes the attacker to jump between network nodes once on the network, and also "shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker from the network, before sensitive data can be stolen or destroyed," CrowdStrike analysts wrote in a 2018 post.
The agility of Russian groups has long been known, Defense One reported, adding that it was a signature element of the 2015 penetration of the Joint Chiefs' civilian email system and the following year's attack on the Democratic National Committee's network.
"The stats are likely driven by a cross of several factors," senior fellow at New America told Defense One, adding: "But an average of 18 minutes is really quite amazing given the scale. Game respects game."
In 2018, the Russians targeted defense and military entities throughout Europe and NATO as well as think tanks, the 2018 PyeongChang Winter Games and even the Swiss lab working on the poisoning of ex-Russian spy Sergei Skripal, Defense One noted.
"The Russians are the most aggressive and risk-tolerant because they've broken so many international norms and faced so few repercussions that they don't really believe there will be any serious consequences to their action," said Mike Carpenter, a former deputy assistant defense secretary for Russia, Ukraine, and Eurasia, Defense One reported.