March 11, 2024 By Mark Stone 3 min read

The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders.

The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ’s offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists.

Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the operations sets a precedent and demonstrates the power of international cooperation and the potential for effective countermeasures against sophisticated cyberattacks.

The elaborate operation involved the disruption of a botnet controlled by the People’s Republic of China. This botnet was used to conceal hacking operations against critical infrastructure, highlighting the direct link between cyberattacks and national security threats. The impact of this operation was twofold: it neutralized a significant threat and also sent a clear message to state-sponsored actors about the U.S.’s capability and willingness to act against cyber espionage.

A temperature check

The takedown of Volt Typhoon is just one example of how the DOJ has continued to make significant strides in disrupting hacker groups.

Yet there are still many obstacles that show no sign of letting up, including:

The evolving nature of threats: Cyber crime is notoriously fluid. Groups disband, splinter and rebrand, creating a never-ending challenge for law enforcement. While certain notorious hacker collectives may cease operations, new entities often emerge, continuing the cycle of digital threats.

Difficulty with prosecutions: The DOJ reports an escalating number of prosecutions linked to cyber crimes, suggesting a more aggressive response. However, successful prosecution relies on tangible evidence, attribution and the ability to apprehend suspects — difficult when threat actors hide behind layers of anonymity and operate across jurisdictions.

Global collaboration: As cyber crime transcends borders, effective countermeasures depend on international cooperation. The extradition of criminals linked to hacking organizations often involves complex legal pathways and a commitment to collaboration from countries around the world.

Read the Definitive Guide to Ransomware

Key success stories

Beyond Volt Typhoon, here are some notable ransomware hacker groups facing consequences as a result of efforts by the DOJ and its counterparts.

Hive Ransomware: Responsible for attacks on hospitals and healthcare providers, the Hive ransomware gang was shut down following an international infiltration operation. Their decryption keys were obtained, allowing victims to regain access to vital systems.

NetWalker Ransomware: A highly lucrative operation responsible for attacks on schools and hospitals met a similar fate. International arrests and infrastructure seizures helped disrupt their activities.

REvil: Also known as Sodinokibi, this ransomware gang was once notorious for high-profile attacks against large corporations. A targeted international response managed to disrupt its operations and resulted in the arrest of alleged actors.

Future outlook: Cautious optimism

While it’s clear the DOJ and its law enforcement partners like the FBI have scored wins in the fight against cyber crime, caution is still necessary. We’re seeing increased prosecutions and significant disruptions, but the threat posed by hacker groups remains very real. New organizations with unique tactics are likely to emerge, requiring an agile and flexible approach to countering them. Ongoing high-profile hacks against organizations of all sizes underscores the evolving nature of the challenge.

Ultimately, the DOJ’s actions signal a clear focus on countering cyber criminal organizations. The dismantling of hacker groups, alongside international arrests and the recovery of stolen assets, serves as a deterrent and a demonstration of law enforcement capabilities. The battle against cyber crime rages on, but big wins like the Volt Typhoon takedown may indicate a positive shift in the right direction.

To learn how IBM X-Force can help you with anything regarding cybersecurity including incident response, threat intelligence, or offensive security services schedule a meeting here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from News

New memo reveals Biden’s cybersecurity priorities through fiscal year 2026

2 min read - On July 10, 2024, the White House released a new memo regarding the Biden administration’s cybersecurity investment priorities, initially proposed in July 2022. This new memorandum now marks the third time the Office of the National Cyber Director (ONCD), headed by Harry Coker, has released updated priorities and outlined procedures regarding the five core pillars of the National Cybersecurity Strategy Implementation Plan (NCSIP), now relevant through fiscal year 2026. Key highlights from the FY26 memorandum In the latest annual version…

Hackers are increasingly targeting auto dealers

3 min read - Update as of July 11, 2024 In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the dealerships. Many dealerships went back to manual processes, including handwriting up orders, so that sales could continue at a slower pace. Car buyers who recently bought a car from…

CISA director says banning ransomware payments is off the table

3 min read - The FBI, CISA and NSA all strongly advise against organizations making ransomware payments if they fall victim to ransomware attacks. If so, why not place a ban on paying ransomware demands? The topic came up at a recent Oxford Cyber Forum. Jen Easterly, Director of CISA, commented on the issue, saying, “I think within our system in the U.S. — just from a practical perspective — I don’t see it happening.” It’s unlikely this was a purely spontaneous remark as the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today