This post is also available in: עברית (Hebrew)
The U.S. Department of Justice (DoJ) announced a new unit within the National Security Division that will focus on pursuing cyber threats from nation-state and state-backed hackers. This announcement formalizes a significant part of the national security apparatus into the Justice Department’s hierarchy.
Assistant Attorney General Matt Olsen stated that the new unit would allow the DoJ’s national security team “to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security.”
So far, the DOJ has aggressively pursued state-backed cyber actors, specifically the ones in China or North Korea. National security officials outside the DOJ have also emphasized China as a top cybersecurity concern.
“China has compromised telecommunications firms,” Olsen said at an event at the Hoover Institution at Stanford University. “It conducts cyber intrusions targeting journalists and dissidents in order to suppress the free flow of information. And the PRC is capable of launching cyberattacks that could disrupt U.S. critical infrastructure.”
Corporate and industrial espionage have been a concern for top government and corporate executives for a long time, especially as China seeks to develop equivalent technology, allegedly off the backs of U.S. innovation or research.
The announcement also emphasized the threat posed by Russian malware and ransomware groups, which researchers and experts characterized as potent but less coordinated and less strategic than incursions from China.
According to CNBC, while Chinese hacking groups have gathered intelligence and data, Russian and North Korean groups often seek to extort their victims for profit, generating revenue for themselves or their governments.
Given the distant nature of such attack groups, building cases against them can take years and doesn’t always result in an arrest. Olsen stated that “NatSec Cyber will serve as an incubator, able to invest in the time-intensive and complex investigative work for early-stage cases”.