Chinese Hackers Outnumber U.S. Security Pros by 50 to 1: FBI Director at mWISE
FBI director Christopher Wray revealed that China has the biggest hacking program in the world.
- FBI director Christopher Wray called for higher collaboration among public and private organizations to effectively counter cybersecurity threats emerging from China.
- Wray said China’s hacking program outnumbers the U.S. by 50:1.
At the ongoing mWISE 2023 security conference, FBI director Christopher Wray revealed that China has the biggest hacking program in the world. China’s nation-state cyber program, Wray said, is so big that it eclipses that of all other countries combined.
“If each one of the FBI’s cyber agents and intelligence analysts focused on China exclusively, Chinese hackers would still outnumber our cyber personnel by at least 50 to 1,” Wray said, uncovering a grim picture of the state of cybersecurity affairs.
China has long been suspected of and found to be engaging state-sponsored cyber actors in data-driven infiltration, intellectual property theft, among other malicious activities. Most recently, Microsoft disclosed that Chinese threat actors hacked the emails of over two dozen government officials and related consumer accounts across the U.S. and Western Europe.
Microsoft’s email clients are particularly interesting to Chinese state-sponsored hackers, including Hafnium, which was discovered to have exploited four in early 2021 to hack into the Exchange email servers.
In one of the other scandalous activities, security researchers at Cybereason disclosed Operation CuckooBees in May 2022. Operation CuckooBees was a cyberespionage campaign to encourage the theft of proprietary information, trade secrets, R&D documents, source code and blueprints for various technologies, etc.
The Winnti Advanced Persistent Threat (APT) group, associated with the Chinese state, conducted the multi-year cyberespionage campaign since at least 2019. Chinese threat actors also sought to exploit the SolarWinds Orion vulnerability.
In 2023, the lion’s share of the 62 zero-day exploitations that Mandiant observed were traced to China, disclosed Ben Reed, head of cyber espionage analysis at Mandiant.
The U.S. government has ramped up efforts in its counteroffensive against cybercrime. For instance, the White House under president Joe Biden has asked for $26.2 billion from Congress as cybersecurity funding for the 2024 fiscal year, significantly higher than the $15.6 billion from FY 2023.
See More: Why Companies Are Investing in Cyber Resilience More Than Ever Today
The FBI has notably been busy in the past few years, taking down the REvil/Sodinokibi ransomware gang, the Emotet botnet, the Hive ransomware syndicate, and the Qakbot malware.
However, “it’s becoming increasingly difficult to discern where cybercriminal activity ends and adversarial nation-state activity begin,” Wray added at Google-owned Mandiant’s annual mWISE conference.
As such, he called for increased participation from the private sector in combating cyber threats. “We know the private sector hasn’t always been excited about working with federal law enforcement. But when you contact us about an intrusion, we won’t be showing up in raid jackets.”
“Instead, we’ll treat you like the victims you are – just like we treat all victims of crimes.”
mWISE Conference 2023 is a three-day cybersecurity from September 18-20 in Washington, DC.
Is public-private partnership key to tackling cyber threats from China? Share your thoughts on LinkedIn, Twitter, or Facebook. We’d love to hear from you!
Image source: Shutterstock
MORE ON CYBERSECURITY
