Offensive cyber operations conducted by the U.S. have been touted by FBI and Justice Department officials as crucial in disrupting Chinese threat operation Hafnium and Russia's Cyclops Blink botnet over the past two years, reports The Record, a news site by cybersecurity firm Recorded Future.
"The Bureau and DOJ [have] been criticized publicly about those actions because it's an overstep of privacy, but I think it's important to understand what's behind them. In all these scenarios, we published multiple cybersecurity advisories in tandem with the mitigation and remediation guidance from the affected vendor," said FBI Cyber Division Assistant Director Bryan Vorndran.
Vorndran added that the operations, which in the case of Hafnium involved base infrastructure infiltration and in the case of Cyclops Blink entailed malware removal from edge routers, resulted in a significant decline in victims.
Meanwhile, Justice Department Deputy Assistant Attorney General Adam Hickey emphasized that both offensive cyber operations were done as a last resort.
"We tend to use them when merely sharing information with the private sector or public isn't enough to help people clean up the malware on their computers," added Hickey.
Numerous government, political, and academic organizations in South Korea have been targeted by the Chinese state-backed advanced persistent threat operation TAG-74 in a "multi-year" cyberespionage campaign that is part of China's intellectual property theft and influence operations, The Hacker News reports.
BleepingComputer reports that vulnerable Openfire messaging servers impacted by the already addressed high-severity authentication bypass flaw, tracked as CVE-2023-32315, are being subjected to ongoing attacks aimed at ransomware encryption and cryptominer distribution.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, a sharp contrast to the previous targeting of energy facilities, Reuters reports.