The lines between criminal hacking groups and intelligence operations in countries like Russia, Iran and China have increasingly blurred, senior U.S. officials said on Wednesday, making Washington’s job in curbing cyberattacks all the harder.
In recent years, some Russian hackers who have locked U.S. businesses with ransomware have proclaimed support for the Kremlin, the officials said, while Russian intelligence officers have at times moonlighted as criminal hackers, or used black-market tools to obscure hackers’ ties to their respective governments.
The overlap adds more complexity to an already difficult process of analyzing and attributing cyberattacks in real time, said Matthew Olsen, assistant attorney general for national security at the Justice Department.
“In some cases, these groups are abetted by the intelligence services,” Mr. Olsen said, speaking at the WSJ Pro Cybersecurity Forum Wednesday. “They’re not only just accepted, but they’re supported by the intelligence services.”
The blending of the criminal underground and cyber intelligence services comes as U.S. officials have stepped up efforts to derail hacking groups, thwart foreign espionage and help businesses build more resilience to ransomware.
Still, the government’s legal weapons to address intrusions “are the same regardless of whether it’s a nation-state carrying out these attacks or whether it’s criminal actors,” Mr. Olsen said.
Making judgments on when groups like Russian ransomware gangs effectively become Kremlin agents is very “fact-specific,” he added. “But we often have some insights from our intelligence agencies.”
Earlier Wednesday, Federal Bureau of Investigation Director Christopher Wray said parsing such distinctions is a “key question” in his agency’s cyber efforts.
“When do criminal actors become agents of their host?” Mr. Wray said, speaking at the Boston Conference on Cyber Security. “Does money have to change hands, or is publicly pledging support to a foreign government enough?”
The Russia-linked ransomware group known as Conti, for instance, promised “full support” of the Kremlin following its February invasion of Ukraine, warning that it would launch cyberattacks on Russia’s behalf.
The gang has since been riddled by internal dissent after the leak of 200,000 of its chat messages and a U.S. offer of rewards totaling $15 million for information leading to the top hackers’ arrests.
In March, The Wall Street Journal reported that Conti’s attacks on hospitals, local governments and other organizations last year drew collective ransom payments of $200 million.
Write to David Uberti at firstname.lastname@example.org
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.