An Analysis of FBI Director Chris Wray’s Briefing on January 31, 2024

I’ve listened to FBI Director Wray’s briefing on the imminent threat from China several times. I want to share first a summary of the briefing and then my thoughts on what each main point means and how we as a cybersecurity community might approach it.

  • During a House committee hearing on Wednesday, FBI Director Christopher Wray revealed that hackers associated with the Chinese government are strategically poised to launch cyberattacks on vital infrastructure entities within the United States.
  • In the same briefing, the FBI and the Department of Justice announced the successful court-sanctioned disruption of a botnet associated with last year’s Volt Typhoon cyber campaign, a detail highlighted in Director Christopher Wray’s testimony. This botnet, known as the KV Botnet, had infected hundreds of small office and home office routers across the United States. The hackers intended to use these compromised routers as a springboard to launch targeted attacks on critical infrastructure provide

The Threat Is Imminent

The recent public briefing by FBI Director Christopher Wray, detailing the cybersecurity threats posed by China, marks a significant departure from the usual narrative and underscores the seriousness of the situation. Traditionally, cybersecurity experts and professionals have shared anecdotal accounts of encounters with Chinese Advanced Persistent Threat (APT) groups, often framing them as battles from which they emerged victorious. The FBI Director’s detailed disclosure takes this narrative a step further, highlighting not just the potential but the imminent nature of these threats.

Director Wray’s choice of words, particularly the phrase “when they are ready,” suggests a deliberate intention to convey the inevitability of an attack rather than its mere possibility. This shift in messaging is critical to understanding the level of preparedness and intent of the Chinese entities involved. The reference to “critical infrastructure” encompasses a broad spectrum of essential services and systems, including financial services, power grids, healthcare systems, public transportation, and supply chains for essential goods such as fuel and food. This wide-ranging definition recalls recent cyber incidents, such as the attacks on Colonial Pipeline and the meat processor JBS, which at the time may have seemed like isolated events but, in hindsight, appear to be part of a larger pattern of reconnaissance and preparation.

Director Wray’s briefing can thus be seen as an update on the culmination of years of observation, planning, and potential practice runs by these threat actors, now backed and possibly orchestrated by the Chinese government. The explicit acknowledgment of these threats at such a high level of government communication serves as a clarion call to the cybersecurity community and the nation as a whole, emphasizing the need for heightened vigilance and preparedness against what is being framed not as a possibility, but as an impending certainty.

The Focus On Home and Small Office Routers — A Chilling Reality

The FBI’s emphasis on the widespread nature of attacks on home routers and devices, especially as launchpads for targeting government and corporate networks, underscores a concern many raised during the peak of COVID-19: the unprecedented shift to remote work. With a significant portion of the workforce, including government and private sector employees, accessing company networks from home, often via VPNs, the security weaknesses inherent in home networks have come into sharp focus. Unlike corporate networks, which are fortified with advanced firewalls, intrusion detection systems (IDS), and dedicated cybersecurity teams, home networks are comparatively easy targets for attackers.

This weakness has not only highlighted the adaptability of cyber attackers, who have increasingly turned their attention to softer targets on the home front, but also reflects a strategic pivot. In particular, some state-sponsored actors have noticeably shifted their focus toward exploiting these home-based weaknesses, recognizing the potential for significant breaches through less guarded entry points.

This evolution in cyber threat tactics is both enlightening and concerning. It signals a critical juncture for leaders within the cybersecurity community to amplify our efforts in raising awareness and educating not just organizations but also individuals about the importance of securing home networks. As remote work continues to be a significant aspect of our professional lives, the collective responsibility to fortify these new perimeters against cyber threats has never been more paramount.

If the FBI is right, it appears the Chinese government has taken advantage of this shift to remote work and positioned itself perfectly to exploit it. We should all stay tuned.

Ganesh: cyber security latest updates

PGP in cyber security, researcher, and working as a cyber security analyst.