DOJ establishes cybercrime enforcement unit as U.S. prophecies mount over Chinese hacking

June 26, 2023: On Tuesday, the U.S. Department of Justice reported a new unit within its National Security Division focused on pursuing cyber threats from nation-state and state-backed hackers, formalizing an increasingly important part of the national security device into the Justice Department’s hierarchy.

In a statement, Assistant Attorney General Matt Olsen said the new unit would permit the DOJ’s national security team “to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security.”

The DOJ has aggressively pursued state-backed cyber actors, especially those in China or North Korea. National security officials outside the DOJ have also emphasized China as a top cybersecurity concern, including the U.S.′ top cybersecurity official.

The announcement did not mention Chinese cyber efforts, which CISA Director Jen Easterly described last week as an “epoch-defining threat.” But in a separate event Tuesday at the Hoover Institution at Stanford University, Olsen emphasized the work that the DOJ has been doing to combat Chinese cyber efforts.

“China has compromised telecommunications firms,” Olsen said at the event. “It conducts cyber intrusions targeting journalists and dissidents to suppress the free flow of information. And the PRC can launch cyberattacks that could disrupt U.S. critical infrastructure.”

Concerns over corporate and industrial espionage have long been a concern for top government and corporate executives, especially as Chinese concerns seek to leapfrog and develop equivalent technology, allegedly off the backs of U.S. innovation or research.

In the previous month, the Secretary of the Navy confirmed the Navy had been “impacted” by a China-backed hacking group seeking intelligence and data.

The release did emphasize the threat posed by Russian malware and ransomware groups, which researchers and practitioners characterize as potent but less coordinated and less strategic than incursions from China.

While Chinese hacking groups have “lived off the land,” gathering intelligence and data, Russian and North Korean groups often seek to extort their victims for profit, generating revenue for themselves or their governments.

Building cases against those groups can take years and don’t always result in an arrest, given the far-flung nature of the hacking groups.

“NatSec Cyber will serve as an incubator, able to invest in the time-intensive and complex investigative work for early-stage cases,” Olsen said.