Lateral Movement
Techniques used by attackers to progressively move through a network after initial compromise.
Full Definition
Lateral movement refers to the techniques threat actors use to progressively navigate through a network after gaining initial access, seeking higher-value targets, sensitive data, or privileged systems. It is a critical phase in most advanced attacks and the stage at which a breach transforms from a single compromised endpoint to a full network intrusion.

Common lateral movement techniques include pass-the-hash, pass-the-ticket, Kerberoasting, abuse of legitimate admin tools (PsExec, WMI, PowerShell), and exploitation of trust relationships between systems. Attackers may move laterally for weeks or months, mapping the environment and escalating privileges before executing their final objective.

Detecting lateral movement requires network segmentation, behavioral analytics, zero-trust architecture, and monitoring of privileged account usage. Stolen credentials from infostealers frequently provide the keys for lateral movement without requiring exploits.
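As an added illustration of monitoring privileged account usage (example code written for this entry, not taken from any product), the Python sketch below flags a privileged account that makes network logons from one source to many distinct hosts in a short window. The events are constructed samples modelled on Windows Security Event ID 4624 with LogonType 3; the watch list, window and threshold are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (time, account, source IP, target host),
# modelled on successful network logons (Event ID 4624, LogonType 3).
EVENTS = [
    ("2024-05-01T02:00:00", "svc_backup", "10.0.0.5", "FS01"),
    ("2024-05-01T02:30:00", "svc_backup", "10.0.0.5", "FS02"),
    ("2024-05-01T03:00:00", "svc_backup", "10.0.0.5", "FS01"),
    ("2024-05-01T09:00:05", "adm_jlee", "10.0.3.44", "WS101"),
    ("2024-05-01T09:01:10", "adm_jlee", "10.0.3.44", "WS102"),
    ("2024-05-01T09:02:30", "adm_jlee", "10.0.3.44", "SQL01"),
    ("2024-05-01T09:04:00", "adm_jlee", "10.0.3.44", "DC01"),
    ("2024-05-01T09:20:00", "adm_jlee", "10.0.3.44", "FS01"),
    ("2024-05-01T09:05:00", "jdoe", "10.0.3.50", "FS01"),
]

# Assumed watch list of privileged and service accounts.
PRIVILEGED = {"adm_jlee", "svc_backup"}


def find_fanout(events, privileged, window=timedelta(minutes=10), threshold=4):
    """Return {(account, source): sorted hosts} for each privileged account that
    logged on from one source to >= threshold distinct hosts within the window."""
    by_key = defaultdict(list)
    for ts, account, source, target in events:
        if account in privileged:
            by_key[(account, source)].append((datetime.fromisoformat(ts), target))

    alerts = {}
    for key, logons in by_key.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Slide the window start forward until it spans at most `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {target for _, target in logons[start:end + 1]}
            if len(hosts) >= threshold:
                alerts[key] = sorted(hosts | set(alerts.get(key, [])))
    return alerts


if __name__ == "__main__":
    for (account, source), hosts in find_fanout(EVENTS, PRIVILEGED).items():
        print(f"ALERT {account} from {source} reached {len(hosts)} hosts: {hosts}")
```

The routine backup account stays quiet because its logons are spread out over few hosts, while the admin account reaching four hosts in four minutes from a single workstation is reported.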
Related Terms
Privilege Escalation
Gaining higher levels of access than originally authorized within a system or network.
Attack Types
Persistence
Techniques attackers use to maintain access to a compromised system across reboots and credential changes.
Attack Types
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Threat Actors
Credential Stuffing
Automated injection of stolen username/password pairs to gain unauthorized access to accounts.
Attack Types