FBI Director Christopher Wray urged private sector organizations to help the agency by coming forward with information regarding malicious cyber activity.
Wray told attendees at Mandiant’s annual mWISE 2023 conference Monday that many of the agency’s successful cyber operations in recent years were accomplished with the assistance of private sector partners. He emphasized that organizations would be treated properly as victims of malicious actors and not punished for their cooperation.
“We know the private sector hasn’t always been excited about working with federal law enforcement, but when you contact us about an intrusion, we won’t be showing up in raid jackets,” Wray told conference attendees. “Instead we’ll treat you like the victims you are – just like we treat all victims of crimes.”
The speech comes amid a wave of attacks from criminal ransomware groups and state-linked threat actors targeting the U.S. and allied organizations. It also comes as U.S. cybersecurity regulation is changing with new rules in place directing incident disclosure for public companies.
Wray noted the FBI is seeing significant threat activity from the People’s Republic of China, which has used cyber to steal intellectual property and other data from U.S. companies and other organizations.
The PRC has a larger hacking program than every other nation-state combined, Wray said, but significant, "relentless" threats exist from Russia, North Korea and Iran.
Wray cited recent criminal and state-linked operations, including the disruption of the Cyclops Blink botnet in 2022. In that operation, a Russia-linked threat actor called Sandworm used malware to infect thousands of firewall devices around the world.
The FBI alerted WatchGuard Technologies and reverse engineered the malware. In a more recent case, the FBI disrupted Qakbot, which had compromised financial institutions, a medical device manufacturer and a critical infrastructure provider in the U.S.
Qakbot had infected more than 200,000 computers in the U.S.