Dive Brief:
- As the Ukraine war grinds on, the FBI has seen Russia take steps to launch potentially destructive attacks against U.S. and overseas targets, spurring the agency to warn potential targets and disrupt attacks, FBI Director Christopher Wray said. Wray, speaking Wednesday at the Boston Conference on Cyber Security, said the Russia-based ransomware gangs have engaged in cyber activity in support of the Russian government.
- But China has closely watched events since the start of the Ukraine war, Wray said, and is by far the largest nation-state threat to the U.S. China's efforts to dominate global technology have come, in part, from stealing research and proprietary secrets from U.S. companies.
- Other nation-state adversaries have actively targeted the U.S. too, Wray said. The FBI helped disrupt an Iran-sponsored attack on Boston Children’s Hospital in 2021, which Wray called one of the most despicable cyberattacks he’s seen.
Dive Insight:
The speech comes at an urgent time for the FBI and other federal agencies looking to prevent a potentially catastrophic act of retaliation by Russia-linked threat actors since the invasion of Ukraine in February.
The FBI, working in concert with the Cybersecurity and Information Security Agency, the National Security Agency and foreign allies, has repeatedly warned industries about potential malicious cyber activity against critical infrastructure sites, including energy, utilities and water.
Wray reminded the conference that Russia was behind the 2017 NotPetya attacks, which started out as an attack that appeared to be criminal in nature but rapidly spread across Europe and hit the U.S., Australia and even some organizations inside Russia.
“Now in Ukraine, we see them again, launching disruptive attacks using tools like wiper malware,” Wray said. “And we’re watching for their cyber activities to become more destructive as the war keeps going poorly for them.”
The agency was part of an April operation to disrupt Cyclops Blink, a state-backed botnet that was used by the Sandworm threat actor to infect thousands of devices worldwide. The botnet had been used to infect WatchGuard firewall appliances and Asus routers.
More recently, security researchers disclosed the development of destructive custom-made malware that could sabotage major industrial sites. Researchers said the malware, dubbed Pipedream or Incontroller, has not been officially attributed to any particular state actor. Wray did not specifically mention the industrial malware during his address.
For the FBI, the conference was another opportunity to admonish listeners about the need for public-private information sharing. During a brief question and answer session, Wray reminded conference attendees and virtual participants about the need for U.S. companies to come forward with any potential cyberthreats or extortion demands.
The FBI is capable of disrupting operations, Wray said, and in some cases tracing and recovering ransom payments if information is gathered early.
Beyond reaction, FBI cyber efforts can aid attack deterrence too. Wray did not provide much detail on the plot against the hospital, but said the agency got a report from an intelligence partner of an impending attack. Agents from the FBI Boston field office quickly notified hospital officials, who confirmed the incident to Cybersecurity Dive.
“Thanks to the FBI and our Boston Children’s Hospital staff working so closely together, we proactively thwarted the threat to our network,” hospital spokesperson Sarah Tanner said via email.