He told a packed room of analysts and cybersecurity professionals at Mandiant’s mWise Conference in Washington that cybercriminal activity is becoming increasingly difficult to differentiate from adversarial nation-state activity. Google owns Mandiant.

Alongside international and domestic law enforcement, Wray and the FBI have disrupted the Qakbot botnet and the Hive ransomware group. Deputy Director Wray said artificial intelligence may aid Chinese cyber intelligence operations in overpowering U.S. defenses, and reiterated that Chinese hackers outnumber FBI cyber and intelligence agents by at least 50 to 1.

According to Wray, criminals and hostile governments have already exploited the technology. “China is poised to use the fruits of its widespread hacking to power, with AI, even more powerful hacking efforts,” he said.

Influence campaigns on major social networks in China have been linked to state-affiliated groups. However, there are also attacks coming from other countries. A North Korean hacking group, for example, often aims to generate revenue for the government while gathering espionage. As well, Russian hackers have targeted Ukrainian and Eastern European infrastructure and extorted millions of dollars in ransom from businesses worldwide.

There is a growing difficulty separating cybercriminal activity from nation-state adversary activity, such as when the government sees “hackers who are profit-minded criminals by day and state-sponsored criminals by night.”

The U.S. relies heavily on “collaborative, public-private” operations to identify threats and stop them, despite government efforts, including from the Cybersecurity Infrastructure Agency.

Such partnerships aren’t new, Wray said. A cyberattack on Colonial Pipeline disrupted fuel supply across the East Coast in 2021, resulting in joint efforts.

Wray said the private sector hasn’t always been enthusiastic about working with federal law enforcement. When you contact us about an intrusion, we won’t show up in raid jackets.