Justice Took Down Two Domains Used in USAID Hack 


The action demonstrates the department’s authorities beyond attributing malicious cyber activity.  

The day after Microsoft flagged an intrusion into the U.S. Agency for International Development, Justice Department officials seized two internet domains adversaries used to establish command and control of victim networks.

The Justice Department is known for attributing malicious cyber activity by issuing indictments, often against foreign actors, in cases where it has little control over whether those charged will face trial. The domain seizures Friday show the department is willing and able to do more to foil cybercrime, officials said in a press release Tuesday.

“Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” said Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

Microsoft said Russia’s Foreign Intelligence Service is responsible for the USAID compromise, but a joint cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency said the government is still investigating the hack and has made no attribution.

While the Kremlin may not officially be behind the attack, some, including President Joe Biden, have suggested governments should take responsibility for criminal activity happening within their borders.

“Tolerating criminal activity within your borders should be a punishable offense. And my guess is not a sparrow falls in Russia that Putin doesn't know about,” Sen. Angus King, I-Maine, said during a Defense One-Nextgov event on Thursday. 

Officials are hoping to establish norms for responsible behavior in cyberspace through diplomatic efforts, including at the United Nations, where China, Russia and the U.S. have reached some initial agreement. In the meantime, Justice is doing what it can to thwart malicious activity that uses U.S. infrastructure, officials said.

“Friday’s court-authorized domain seizures reflect the FBI Washington Field Office’s continued commitment to cyber victims in our region,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “These actions demonstrate our ability to quickly respond to malicious cyber activities by leveraging our unique authorities to disrupt our cyber adversaries.”