The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders.
The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ’s offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists.
Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the operations sets a precedent and demonstrates the power of international cooperation and the potential for effective countermeasures against sophisticated cyberattacks.
The elaborate operation involved the disruption of a botnet controlled by the People’s Republic of China. This botnet was used to conceal hacking operations against critical infrastructure, highlighting the direct link between cyberattacks and national security threats. The impact of this operation was twofold: it neutralized a significant threat and also sent a clear message to state-sponsored actors about the U.S.’s capability and willingness to act against cyber espionage.
A temperature check
The takedown of Volt Typhoon is just one example of how the DOJ has continued to make significant strides in disrupting hacker groups.
Yet there are still many obstacles that show no sign of letting up, including:
The evolving nature of threats: Cyber crime is notoriously fluid. Groups disband, splinter and rebrand, creating a never-ending challenge for law enforcement. While certain notorious hacker collectives may cease operations, new entities often emerge, continuing the cycle of digital threats.
Difficulty with prosecutions: The DOJ reports an escalating number of prosecutions linked to cyber crimes, suggesting a more aggressive response. However, successful prosecution relies on tangible evidence, attribution and the ability to apprehend suspects — difficult when threat actors hide behind layers of anonymity and operate across jurisdictions.
Global collaboration: As cyber crime transcends borders, effective countermeasures depend on international cooperation. The extradition of criminals linked to hacking organizations often involves complex legal pathways and a commitment to collaboration from countries around the world.
Key success stories
Beyond Volt Typhoon, here are some notable ransomware hacker groups facing consequences as a result of efforts by the DOJ and its counterparts.
Hive Ransomware: Responsible for attacks on hospitals and healthcare providers, the Hive ransomware gang was shut down following an international infiltration operation. Their decryption keys were obtained, allowing victims to regain access to vital systems.
NetWalker Ransomware: A highly lucrative operation responsible for attacks on schools and hospitals met a similar fate. International arrests and infrastructure seizures helped disrupt their activities.
REvil: Also known as Sodinokibi, this ransomware gang was once notorious for high-profile attacks against large corporations. A targeted international response managed to disrupt its operations and resulted in the arrest of alleged actors.
Future outlook: Cautious optimism
While it’s clear the DOJ and its law enforcement partners like the FBI have scored wins in the fight against cyber crime, caution is still necessary. We’re seeing increased prosecutions and significant disruptions, but the threat posed by hacker groups remains very real. New organizations with unique tactics are likely to emerge, requiring an agile and flexible approach to countering them. Ongoing high-profile hacks against organizations of all sizes underscore the evolving nature of the challenge.
Ultimately, the DOJ’s actions signal a clear focus on countering cyber criminal organizations. The dismantling of hacker groups, alongside international arrests and the recovery of stolen assets, serves as a deterrent and a demonstration of law enforcement capabilities. The battle against cyber crime rages on, but big wins like the Volt Typhoon takedown may indicate a positive shift in the right direction.
To learn how IBM X-Force can help you with anything regarding cybersecurity, including incident response, threat intelligence or offensive security services, schedule a meeting here.
If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.