FBI director warns that Russia might resort to destructive cyberattacks

The director of the FBI on Wednesday said the intelligence agency is “laser focused” on thwarting Russian cyber operations, warning that the country has taken steps to launch potential destructive attacks.

In a far-reaching keynote address delivered at Boston College’s Conference on Cyber Security, FBI Director Christopher Wray spoke about immediate threats tied to Russia’s war on Ukraine, saying that the country’s “recklessness with human lives carries over to how they act in cyberspace.”

The threat of wiper malware and other damaging attacks has prompted the FBI to launch operations earlier in the process than they might have in the past — such as when they observe Kremlin-linked hackers scanning organizations, instead of when they attempt to deploy malware or steal information. “Russia has… gained access to thousands of companies, including critical infrastructure,” Wray said. “They could use the same access to do something potentially destructive.”

In recent months, the FBI has pushed out technical indicators and guidance not just to government agencies, but to private companies and critical infrastructure operators that may be the target of attacks, Wray said. “We’ve seen the Russian government taking specific preparatory steps towards potential destructive attacks, both here and abroad… We’re watching for their cyber activity to become more destructive as the war keeps going poorly.”

Wray cited the Department of Justice’s takedown of the Cyclops Blink botnet in March — which was used by Russian’s Main Intelligence Directorate (GRU) to control thousands of infected devices — as an example of how the U.S. government is taking an increasingly proactive approach to stopping cyberattacks launched by the Kremlin.

“That was a pretty solid hit against Russian intelligence, and it shows there’s quite a bit we can do” to help companies targeted by Russia, Wray said.

Wray added that the DoJ has developed a three-pronged approach to imposing costs on hackers: focusing on the people, their infrastructure, and their money. In addition to arresting and extraditing the hackers themselves, the Justice Department in recent years has gone after affiliates, hosting providers, money launderers, and the wide web of people and organizations that make cyberattacks possible.

“We can make the most impact when we disrupt all three together,” he said.

Not the only threat

Although Wray began his speech by sounding the alarm on Russia, he later emphasized cyberthreats from Iran, North Korea, and China — which he said has “a bigger hacking program than all other nations combined.”

“The Chinese government is methodical, hacking in support of long-term economic goals… It operates on a scale that Russia doesn’t come close to,” he said, adding that even “noisy and reckless” hacks launched by Beijing fit into a strategic plan to undermine U.S. economic and national security.

The threat is especially important given the U.S.'s relations with Taiwan, which lawmakers say could be attacked by China the same way that Russia invaded Ukraine.

“We know China is studying the Ukraine conflict intensely,” Wray said.

He also provided new details about an attempted hack targeting the Boston Children's Hospital last year, saying that it was the work of Iranian government-backed hackers. The attack, which took place in June 2021, was "one of the most despicable cyberattacks I've ever seen,” Wray added. The nationally-ranked hospital has more than 400 pediatric beds.

“We cannot let up on China or Iran or criminal syndicates while we’re focusing on Russia,” Wray said. “We’re taking on all those threats.”