Hackers sponsored by the Iranian regime attempted a cyberattack against the Boston Children’s Hospital last year, revealed FBI Director Christopher Wray at a June 1 cyber security conference in Massachusetts.
“In fact, in the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital,” Wray said. Earlier in March, Wray had mentioned an unnamed children’s hospital being targeted by Iranian hackers.
According to Wray, the FBI received a report from one of their “intelligence partners” indicating that the hospital was about to be targeted. The FBI Boston cyber squad rushed to inform the hospital, and the danger was stopped. “We were able to help them ID and then mitigate the threat.”
Wray added that “quick actions by everyone involved” protected the hospital network and “the sick kids who depend on it.”
Details of the attack were part of a speech on cyber threats from Russia, China, and Iran, and the role of the FBI in handling the persistent barrage of attacks.
Wray said the hospital and the FBI had worked together earlier, on a series of attacks in 2014, when a hacktivist attacked the facility, resulting in tens of thousands of dollars in costs and disrupting operations for days.
The individual was caught and sentenced to 10 years in prison. The hospital and the FBI have since worked closely together, which helped in dealing with the latest attack promptly.
Besides this, Wray talked about how the FBI “disrupted a botnet” run by Russian agents who were behind NotPetya, some of the most destructive malware ever to be deployed, and who attacked the Ukrainian electric grid in 2015, among other international targets.
The “accumulated investigative work” done by the agency along with partners has established “connections, motives, and tactics” that give a basis for “holding the Russian government accountable,” he said.
But “as broad as Russia’s potential cyber accesses across the country may be, they pale in comparison to China’s.”
The Chinese regime operates on a much larger scale, and is extremely methodical and focused on long-term strategic plans to undermine U.S. economic goals and national security.
“They’ve got a bigger hacking program than all other major nations combined. They’ve stolen more American personal and corporate data than all nations combined. And they’re showing no sign of tempering their ambition and aggression.”
All companies operating on the mainland—including American and foreign—offer a “blanket consent to state surveillance,” an advantage not shared by Russia.
Installing state-sponsored malware is part of complying with Chinese law.
“It’s really a whole-of-government operation to steal research and proprietary secrets from U.S. companies and then undercut prices on the global market. So that companies that play by the rules can’t compete.”
Besides cyber secrets, the Chinese actors target other sectors like agriculture, “sneaking into fields to dig up proprietary, experimental, genetically modified seeds.” They make use of human spies on the ground to assist hackers back in China.
Targeting vulnerabilities in Microsoft Exchange Server software, Chinese hackers compromised over 10,000 U.S. networks and implanted shells with malicious code that “created a backdoor and gave them continued remote access to the victims’ networks.”
Wray said that a “surgical, court-authorized operation” was needed to remove the harmful code from hundreds of vulnerable computers. “The Chinese government remains a prolific and effective cyber espionage threat.”
The FBI is working with like-minded countries to go after people responsible for damaging ransomware schemes. The agency is also working on taking down “cybercriminals’ technical infrastructure” and effectively disrupting their operations.
Finally, Wray mentioned the agency seizing the criminals’ financial assets like virtual wallets, and shutting down illicit currency exchanges.
The FBI has extended global operations to include nearly 80 more countries within its partnership network.
The agency recommends that all companies that operate online have an incident response plan in place before an attack occurs, and that the plan include contacting the local FBI field office.