Source: US FBI
How We’re Fighting Back
The FBI’s ability to both collect and act on intelligence is crucial to our fight against the China threat. On the cyber front, this includes sharing lessons learned with the private sector and outreach to potential victims, using our technical prowess to halt cyber intrusions and safeguard victims, and taking additional “law enforcement actions” to disrupt and deter cyber incidents.
The FBI fights back against China through Bureau-led “joint, sequenced operations” alongside our partners. “As part of those operations, we’re often sharing targeting and other information with partners like U.S. Cyber Command, foreign law enforcement agencies, the CIA, and others, and then acting as one,” he said.
Wray used the FBI’s responses to the aforementioned cyber compromises to illustrate what these collaborative operations can look like in practice.
In the case of the Microsoft Exchange hack, he said, the FBI “leaned on our private sector partnerships, identified the vulnerable machines, and learned the hackers had implanted webshells—malicious code that created a back door and gave them continued remote access to the victims’ networks.”
From there, he said, we co-authored and distributed a joint cybersecurity advisory with our partners at the Cybersecurity and Infrastructure Security Agency to arm “network defenders” with “the technical information they needed to disrupt the threat and eliminate those backdoors.”
And when some victims had trouble removing the dangerous code on their own, the FBI worked with Microsoft to execute “a first-of-its-kind surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers ,” he explained. This, in turn, removed the hackers’ access to victims’ networks.
And in the case of Volt Typhoon, the FBI leveraged partnerships to share threat intelligence and to combat the actors responsible for the hack. After the Bureau learned that the malware was targeting U.S. critical infrastructure, we co-authored similar advisories that characterized the threat, called out the perpetuators, and provided victims with guidance for protecting themselves.
Then, we collaborated with private sector partners “to identify the threat vector and conduct a court-authorized operation—in coordination with others—to not only remove Volt Typhoon’s malware from the routers it had infected throughout the U.S., but also to sever their connection to that network of routers and prevent their reinfection.”
How Partners Can Join the Fight
Wray said that private sector organizations and academia, alike, can partner with the FBI to protect the nation’s “most essential networks” and to conduct “joint, sequenced operations.”
Since private companies own most of our nation’s critical infrastructure, they can help the FBI by defending against Chinese attacks and sharing “vital information about what adversaries are doing—or preparing to do—against us,” he said.
Vigilance, he said, is vital to this effort. “That includes resiliency planning—things like developing an incident response plan, actually testing and exercising that plan, and fortifying networks and devices to make the attack surface as inhospitable as possible,” he added. These plans should indicate when a company will contact the Bureau for assistance in the event of a cyber intrusion, he noted.
Likewise, he encouraged private sector organizations to keep an eye on their “hardware and supply chains” to avoid potential compromise, such as the Solar Winds hack that used “innocuous-looking software updates” as a vector.
“Vetting your vendors, their security practices, and knowing who’s building the hardware and software you’re granting access to your network is crucial, so push for transparency into what vendors and suppliers are doing with your data and how they will maintain it,” he said.
Wray said partnerships are critical to countering the risk posed by China, and that it’s vital for cyberattack victims to promptly notify the FBI. That way, we can gather threat intelligence that can help us both assist victims and mitigate risk to other organizations and sectors.
“We’ve seen the best outcomes in situations where a company made a habit of reaching out to their local FBI field office even before there was any indication of a problem, because that put everyone on the same page and contributed to the company’s readiness,” he said.
The FBI has also been long-dedicated to cultivating bonds within academia, he said, noting that partnerships between the FBI and academic institutions can give the Bureau a better understanding of the issues these institutions face when interacting with the Chinese government. They can also benefit academia by giving institutions “a better understanding of national security threats and make informed decisions about how to deal with them,” he added.
Resources: