Skip to main content


Home Lateral movement

Lateral movement

(also network lateral movement)

Lateral movement definition

Lateral movement refers to the gradual infiltration of a network to reach the desired target. After compromising an endpoint, the hackers are able to stealthily move from process to process until they are in a position to steal or destroy valuable data. Lateral movement is a key component of advanced persistent threats (APT).

Lateral movement stages

  • Reconnaissance: The attacker scouts the network, trying to understand its structure, hierarchies, naming conventions, and other details necessary for infiltration. In many ways, the reconnaissance stage is similar to vulnerability assessments carried out by cybersecurity professionals.
  • Infiltration: Using the knowledge obtained from reconnaissance, the attacker enters and begins to stealthily move across the network. For example, the hacker may use social engineering to steal employee credentials, log in to their account, and then use privilege escalation techniques to penetrate deeper into the network.
  • Access: Once the target is located, the hacker executes the objective of the cyber attack — deploying malware, vandalizing contents, or stealing confidential data.

Stopping lateral movement

  • Implement end-point security to prevent attackers from gaining a foothold in the network.
  • Protect high-value targets with appropriate cybersecurity measures and authorization requirements. High-level accounts should be accessed and used only when needed.
  • Use microsegmentation to partition the network into specialized segments, preventing free movement of data and processes between unrelated sectors.
  • Raise cybersecurity awareness within the organization — teach staff about common attack methods and make sure they know how to respond to perceived threats.