Christopher A. Wray
Director
Federal Bureau of Investigation
Munich, Germany
February 15, 2024

Director Wray's Remarks at the Munich Security Conference

Remarks as prepared for delivery

It’s an honor to join all of you here today.

For the past decade, this conference has given leaders from around the world and throughout industry, academia, and government the chance not just to talk about some of the biggest challenges we face—in other words, to share the bad news about the threats we’re all seeing—but also to discuss the solutions we’ve identified for overcoming those threats—to share the good news about our way forward.

So, I’m going to do a little of both and take you through what we at the FBI are seeing—both the good and the bad. And because a speaker should always be kind to his audience, I’m going to start with the good news.
 
What Success Looks Like 
As everyone in this room knows, today’s threat environment is constantly evolving—and it’s more severe and more complex than ever before. That’s especially true when it comes to the battles being waged in cyberspace. But the good news is, we’ve learned what success looks like—because we’ve lived it, together.

For the past several years, the Bureau has been laser-focused on what I consider one of our most valuable tools, and the core of our cyber strategy, leading joint, sequenced operations, conducted with our partners—many of whom are in this room today—and designed to maximize impact on our adversaries.

And I want to take a moment to reflect on and highlight some of those successes.   

I’m talking about things like Operation Medusa, a joint, sequenced operation that included using sophisticated technical means to force Snake—the Russian FSB’s most sophisticated malware—to effectively cannibalize itself. We took down Snake in over 50 countries with the help of our U.S. and more than half a dozen foreign partners.

Another example: the year-and-a-half-long campaign we waged—with our European partners—to hack the hackers of Hive, ransomware group targeting hospitals, schools, and emergency services, whose servers and websites we seized and shut down—and whose victims we saved from tens of millions in ransom payments.

Or how about the joint, sequenced operation that dismantled Genesis Market? Where working with our law enforcement counterparts in a dozen nations, we accomplished our biggest takedown ever of criminals dealing in stolen digital credentials. 

And just this morning, we announced yet another success, Operation Dying Ember, where working with our U.S.—and, again, worldwide law enforcement partners—we ran a court-authorized technical operation to kick the Russian GRU off well over a thousand home and small business routers, and lock the door behind them, killing the GRU’s access to a botnet it was piggybacking to run cyber operations against countries around the world, including America and its allies in Europe.

With these operations, and many more like them, we’ve set our sights on all the elements that we know from experience make criminal organizations tick: their people—a term we define broadly to include not just ransomware administrators and affiliates, but their facilitators, like bulletproof hosters and money launderers; their infrastructure; their servers, botnets, etc.; and their money, the cryptocurrency wallets they use to stash their ill-gotten gains, hire associates, and lease infrastructure.

Because we don’t just want to hit them—we want to hit them everywhere it hurts, and put them down, hard.
 
Importance of Global Partnerships 
Now, you might have noticed a common theme as I rattled off those successes, and that’s how heavily we rely on our partners—both at home and overseas—to get the job done. Because as everyone here knows, none of us can go it alone.

The bad guys aren’t constrained by international borders, so we shouldn’t be, either.  

At the Bureau, we’ve been doubling down in particular on our work with the private sector, in their capacity as victims of cyberattacks, of course, because the mission of the FBI always has been—and always will be—victim-centric—but also as integral partners, who can share valuable information about threats and trends, and, increasingly, join in our operations themselves.

Of course, our closest partners remain our intelligence and law enforcement colleagues in the U.S. and abroad. And I firmly believe one of the things that gives us a competitive advantage over our adversaries—authoritarians, criminals, and the toxic blend of the two—is that in those agencies we have real partners, partners who collaborate, not because they have to, but because they want to, out of shared values and a shared commitment to the rule of law.

To keep those partnerships strong, the FBI relies on our global presence.

Our broad, international footprint includes nearly a hundred satellite offices, providing coverage for more than 180 countries, territories, and islands around the world. And within many of those offices, our dedicated and quickly-expanding cadre of cyber assistant legal attachés work side-by-side with their host-nation counterparts to combat cyber threats—and I mean side-by-side literally. Often at desks in our partners’ space, right next to them, our Cyber Action Team and a host of experts also stand ready to deploy to critical cyber incidents at a moment’s notice as they did not long ago when they helped a NATO ally determine a cyberattack targeting critical public infrastructure had originated in Iran.

When you put all of that together, you’ll find we’ve got a pretty formidable arsenal that arms our partnerships and enables the joint, sequenced operations that represent success across the world.
 
The China Threat  
So, that’s the good news—and I’d love to be able to stop there and tell you I’ve only got good news to share. But that’s not really what people expect when they invite the FBI Director to speak—and I’d hate to disappoint you all today.

So, let’s get to the bad news.

The bad news is that while all of us have gotten a lot better at working together to combat the cyber threat, our adversaries have also been improving exponentially—and the world has become more dangerous than ever.

It won’t surprise any of you to hear that chief among those adversaries is the Chinese government, which has continued to attack the economic security, national security, and sovereignty of rule-of-law nations worldwide. The cyber threat posed by the Chinese government is massive. China’s hacking program is larger than that of every other major nation, combined. And that size advantage is only magnified because the PRC uses AI—built in large part on stolen innovation and stolen data—to improve its hacking operations, including to steal yet more AI tech and data.

But the PRC cyber threat is made even more harmful by the way the Chinese government combines cyber means with traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression. In other words, the CCP is throwing its whole government at undermining the security of the rule-of-law world. It’s hitting us indiscriminately, like in the so-called “Hafnium” Microsoft Exchange hack, where the PRC compromised managed service providers, hitting tens of thousands of victims. 

And not just in the United States, but in countries all over the world.

You’ll note a theme here, in the tools Beijing uses, and who it uses them against China doesn’t partner—it bullies and it bullies targets at every level—from individuals, to businesses and organizations, to governments. The PRC uses cyber as one of its means to that end.

Your country won’t toe Beijing’s line, and insists on standing up for freedom of association and expression, or for your partners?   

You might just find illegal PRC police stations in your territory, or MSS officers in China threatening your free-thinking students’ grandparents back home. You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies. You might also find PRC hackers lurking in your power stations, your phone companies, etc., poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP. And that targeting of our critical infrastructure is something I want to take a minute to address.

It’s certainly not anything new. 

In fact, China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011. But these days, it’s reached something closer to a fever pitch. What we’re seeing now, is China’s increasing buildout of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right.

Take, for instance, persistent PRC access the U.S. found in our critical telecommunications, energy, water, and other infrastructure. China-sponsored hackers known as Volt Typhoon were hiding inside our networks, lying in wait for the moment China might choose to use their access to hurt American civilians. And while many of you may have seen the Volt Typhoon story as one about the PRC targeting the United States, in fact their targets spanned the globe—which shouldn’t be surprising, because in hack after hack, for years, we’ve seen the PRC hitting our partners around the world.
 
Now working with our partners, the FBI was able to shut down Volt Typhoon’s access through yet another one of those joint, technical operations we talked about a few minutes ago.

But there’s a lot more PRC cyber threat—in a lot more places—out there. And we’re only going to be able to battle back effectively if we do it together. Of course by “we,” I’m referring to rule-of-law nations united against criminality and abuse. I know there are some representatives of the CCP walking around town. But I don’t mind them knowing we’re onto them.
 
Other Cyber Threats 
Of course, everyone here is well aware China is not the only adversary we’re up against.

Russia, Iran, and North Korea are also determined to use cyber means to take aim at things we all hold sacred—our freedoms, prosperity, and democratic norms.

Take for instance, the 2022 cyberattack by an Iranian-sponsored group on a children’s hospital in the United States, one that showed a callous—and, frankly, despicable—disregard for the safety of the most vulnerable among us.

Or consider Russia’s continued targeting of critical infrastructure—including underwater cables and industrial control systems both in the United States and around the world. For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector. And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack—quickly and without notice.

After all, Russia has made murder, rape, and mayhem its stock in trade.

So, no one should question its continuing willingness to launch destructive cyberattacks before and during military conflict.
 
Conclusion  
There’s no doubt we’re up against daunting threats, and adversaries growing more sophisticated and dangerous every day. 

That’s the bad news.

But everyone in this room—across government, academia, and the private sector—has the opportunity to stand together. And we’ve proven what we can accomplish together when we do.

That’s the good news.

We can make joint use of our collective expertise, capabilities, and authorities. And we should remember and capitalize on what sets us apart from our adversaries—our mutual trust, our shared values, and our desire to work together to keep people safe. That is how we’re going to stay ahead of the cyber threat. And at the FBI, we’re honored to stand alongside you in this fight.

Thank you.