The Justice Department warned of “alliances” between hacker groups and foreign nations such as China, Russia, and North Korea to form a “blended threat” posing both criminal and national security challenges to the United States.
The warning came in DOJ’s new Comprehensive Cyber Review report on Tuesday, the result of an internal effort led by Deputy Attorney General Lisa Monaco to prepare DOJ to handle the complicated challenges posed by the sometimes murky cyber landscape.
“Criminal actors and nation states are forming alliances of convenience, alliances of opportunity, and sometimes alliances by design,” the Justice Department said Tuesday. “Today, some nation states allow this criminal activity to persist without consequence — if not expressly condoning activity within its borders — by acting as a safe harbor for these cyber criminals and turning a blind eye. And the consequences of cyber attacks perpetrated by criminal actors can have national security implications.”
The Justice Department discussed “cybercrime as means to generate income for malicious foreign governments” and said the department “has seen a rise in hackers with nation-state ties using cybercrime as a way to generate income that can be funneled into other national security threats.” The report specifically pointed to a 2021 indictment against hackers from North Korea who allegedly participated in online hacking and extortion schemes targeting $1.3 billion from banks and businesses to benefit the North Korean government.
The new report also detailed how “techniques developed by nation-state actors can subsequently be used by criminal actors for their own purposes” and pointed to Microsoft’s 2021 announcement about “nation-state cyber intrusions” by a hacker group the company dubbed Hafnium, which DOJ deemed a “state-sponsored threat.” Microsoft said the hacks of its Exchange Server were sponsored by the government of China, and the U.S. attributed the activity to the Chinese Ministry of State Security last year.
The Justice Department also said that DOJ’s investigations “have on multiple occasions publicly exposed state-sponsored hackers, both employees of intelligence services as well as criminal proxies, targeting the United States’ and allies’ interests” over the past decade, saying the hackers often “moonlighted” by engaging in cybercrimes which both benefited them personally and also sought to advance the “strategic interests” of their home country.
The report then specifically pointed to two 2020 Chinese hacking efforts, one in which a hacker bragged about his links to China’s Ministry of State Security and another in which DOJ flat-out said the hackers were working with the Chinese intelligence agency to target COVID-19 research. DOJ also cited a Russian Federal Security Service effort in 2017 targeting Yahoo! email accounts.
DOJ also detailed the national security threat posed by ransomware attacks, arguing that “malicious cybercriminal actors, many of which are linked to transnational organized criminal groups based in Russia and Eastern Europe, deploy ransomware and digital extortion attacks against U.S. businesses and organizations for profit” and that “when a ransomware attack disrupts or threatens the operations of a significant critical infrastructure organization, it has national security ramifications.”
The report said that both DOJ’s Criminal Division and its National Security Division are key to the department’s work in the cyber realm but that “today’s cyber threat cannot be neatly addressed by the traditional taxonomy of identifying threats as primarily ‘criminal’ or ‘national security’ in nature.”
The Justice Department said that “given that the diverse scope of cybercriminal activity lies on a spectrum between criminal and national security threats, the Department works to harness its collective resources and expertise to address the blended threat posed by cybercrime.” It said that the Justice Department “should continue to find ways to foster multidisciplinary approaches to cyber investigations” and that “cyber prosecutors should be familiar with both the national security tools and the traditional criminal enforcement tools relevant to cyber investigations” to help “eliminate the wall” between “national security” and “criminal” challenges.
The Monaco-led initiative also noted that, for decades, “cybercriminals have seen cyber-enabled means as an effective and deniable method to steal the fruits of U.S. and international companies’ and universities’ innovation” and specifically called out the Chinese government as it “continues to engage in cyber-enabled economic espionage targeting the innovation of American and international companies for the benefit of PRC companies.”
The DOJ report also argued the department is “uniquely positioned to confront the challenge of foreign malign influence” and warned that “foreign malign influence actors seek to leverage the anonymity of the internet to more effectively carry out their campaigns.” The Justice Department pointed to a 2021 indictment charging Iranian nationals “for their role in a cyber-enabled disinformation and threat campaign to influence the 2020 U.S. presidential election,” as well as a 2018 indictment against Russian military intelligence officers for their “international hacking and related influence and disinformation operations.”