Routine Activity Theory (RAT) is used by criminologists to explain the situational factors that influence crime in the physical world. RAT states that crime is most likely when a motivated offender, a vulnerable victim, and a lack of capable guardianship converge. We hypothesize that the time of cybercriminal actions will align with the principles of RAT. We analyzed data from over 20,000 intrusions on a large set of target computers over a period of four years. A statistically significant pattern is found in the time of intrusions in the local timezone of the victim hosts and native timezone of the attacker; intrusions geolocated to China demonstrate a stronger statistically significant pattern. The results suggest that RAT does apply to cyberspace, and further conclusions and policy implications are discussed.