March 11, 2024 By Mark Stone 3 min read

The Department of Justice (DOJ) is ramping up efforts focused on disrupting cyber criminal organizations operating within and outside of United States borders.

The dismantling of Volt Typhoon, a prolific hacker collective, marked a turning point in the DOJ’s offensive against cyber crime syndicates. The group was notorious for its brazen cryptocurrency scams and heists.

Through coordinated global law enforcement efforts, individuals linked to the organization were apprehended, assets were frozen and critical infrastructure was seized. The success of the operations sets a precedent and demonstrates the power of international cooperation and the potential for effective countermeasures against sophisticated cyberattacks.

The elaborate operation involved the disruption of a botnet controlled by the People’s Republic of China. This botnet was used to conceal hacking operations against critical infrastructure, highlighting the direct link between cyberattacks and national security threats. The impact of this operation was twofold: it neutralized a significant threat and also sent a clear message to state-sponsored actors about the U.S.’s capability and willingness to act against cyber espionage.

A temperature check

The takedown of Volt Typhoon is just one example of how the DOJ has continued to make significant strides in disrupting hacker groups.

Yet there are still many obstacles that show no sign of letting up, including:

The evolving nature of threats: Cyber crime is notoriously fluid. Groups disband, splinter and rebrand, creating a never-ending challenge for law enforcement. While certain notorious hacker collectives may cease operations, new entities often emerge, continuing the cycle of digital threats.

Difficulty with prosecutions: The DOJ reports an escalating number of prosecutions linked to cyber crimes, suggesting a more aggressive response. However, successful prosecution relies on tangible evidence, attribution and the ability to apprehend suspects — difficult when threat actors hide behind layers of anonymity and operate across jurisdictions.

Global collaboration: As cyber crime transcends borders, effective countermeasures depend on international cooperation. The extradition of criminals linked to hacking organizations often involves complex legal pathways and a commitment to collaboration from countries around the world.


Key success stories

Beyond Volt Typhoon, here are some notable ransomware hacker groups facing consequences as a result of efforts by the DOJ and its counterparts.

Hive Ransomware: Responsible for attacks on hospitals and healthcare providers, the Hive ransomware gang was shut down following an international infiltration operation. Their decryption keys were obtained, allowing victims to regain access to vital systems.

NetWalker Ransomware: A highly lucrative operation responsible for attacks on schools and hospitals met a similar fate. International arrests and infrastructure seizures helped disrupt their activities.

REvil: Also known as Sodinokibi, this ransomware gang was once notorious for high-profile attacks against large corporations. A targeted international response managed to disrupt its operations and resulted in the arrest of alleged actors.

Future outlook: Cautious optimism

While it’s clear the DOJ and its law enforcement partners like the FBI have scored wins in the fight against cyber crime, caution is still necessary. We’re seeing increased prosecutions and significant disruptions, but the threat posed by hacker groups remains very real. New organizations with unique tactics are likely to emerge, requiring an agile and flexible approach to countering them. Ongoing high-profile hacks against organizations of all sizes underscore the evolving nature of the challenge.

Ultimately, the DOJ’s actions signal a clear focus on countering cyber criminal organizations. The dismantling of hacker groups, alongside international arrests and the recovery of stolen assets, serves as a deterrent and a demonstration of law enforcement capabilities. The battle against cyber crime rages on, but big wins like the Volt Typhoon takedown may indicate a positive shift in the right direction.
