March 11, 2024 By Mark Stone 3 min read

The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders.

The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ’s offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists.

Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the operations sets a precedent and demonstrates the power of international cooperation and the potential for effective countermeasures against sophisticated cyberattacks.

The elaborate operation involved the disruption of a botnet controlled by the People’s Republic of China. This botnet was used to conceal hacking operations against critical infrastructure, highlighting the direct link between cyberattacks and national security threats. The impact of this operation was twofold: it neutralized a significant threat and also sent a clear message to state-sponsored actors about the U.S.’s capability and willingness to act against cyber espionage.

A temperature check

The takedown of Volt Typhoon is just one example of how the DOJ has continued to make significant strides in disrupting hacker groups.

Yet there are still many obstacles that show no sign of letting up, including:

The evolving nature of threats: Cyber crime is notoriously fluid. Groups disband, splinter and rebrand, creating a never-ending challenge for law enforcement. While certain notorious hacker collectives may cease operations, new entities often emerge, continuing the cycle of digital threats.

Difficulty with prosecutions: The DOJ reports an escalating number of prosecutions linked to cyber crimes, suggesting a more aggressive response. However, successful prosecution relies on tangible evidence, attribution and the ability to apprehend suspects — difficult when threat actors hide behind layers of anonymity and operate across jurisdictions.

Global collaboration: As cyber crime transcends borders, effective countermeasures depend on international cooperation. The extradition of criminals linked to hacking organizations often involves complex legal pathways and a commitment to collaboration from countries around the world.

Read the Definitive Guide to Ransomware

Key success stories

Beyond Volt Typhoon, here are some notable ransomware hacker groups facing consequences as a result of efforts by the DOJ and its counterparts.

Hive Ransomware: Responsible for attacks on hospitals and healthcare providers, the Hive ransomware gang was shut down following an international infiltration operation. Their decryption keys were obtained, allowing victims to regain access to vital systems.

NetWalker Ransomware: A highly lucrative operation responsible for attacks on schools and hospitals met a similar fate. International arrests and infrastructure seizures helped disrupt their activities.

REvil: Also known as Sodinokibi, this ransomware gang was once notorious for high-profile attacks against large corporations. A targeted international response managed to disrupt its operations and resulted in the arrest of alleged actors.

Future outlook: Cautious optimism

While it’s clear the DOJ and its law enforcement partners like the FBI have scored wins in the fight against cyber crime, caution is still necessary. We’re seeing increased prosecutions and significant disruptions, but the threat posed by hacker groups remains very real. New organizations with unique tactics are likely to emerge, requiring an agile and flexible approach to countering them. Ongoing high-profile hacks against organizations of all sizes underscores the evolving nature of the challenge.

Ultimately, the DOJ’s actions signal a clear focus on countering cyber criminal organizations. The dismantling of hacker groups, alongside international arrests and the recovery of stolen assets, serves as a deterrent and a demonstration of law enforcement capabilities. The battle against cyber crime rages on, but big wins like the Volt Typhoon takedown may indicate a positive shift in the right direction.

To learn how IBM X-Force can help you with anything regarding cybersecurity including incident response, threat intelligence, or offensive security services schedule a meeting here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from News

DHS: Guidance for AI in critical infrastructure

3 min read - At the end of 2024, we've reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology.In the most recent example, the Department of Homeland Security (DHS) has released what it calls a "first-of-its-kind" framework designed to ensure the safe and secure deployment of AI across critical infrastructure sectors. The framework could be the catalyst for what could become a comprehensive set of regulatory measures, as it brings into focus…

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today