
The Wall Street Journal Pro

Cybersecurity

Sponsored by Zscaler

FBI Still Wants to Partner with Companies

By James Rundle

 

Good day. I am covering the International Conference on Cyber Security, hosted by the Federal Bureau of Investigation and Fordham University.

With all the subtlety of a sledgehammer, the popular twin themes have been China and public-private partnerships. The FBI is keen to paint a rosy picture of its work with the private sector, and the trust it has built up over the years. To be fair, many speakers on Tuesday said that information sharing has improved, along with the government’s efforts to declassify material when needed.

But not everyone is convinced the government and the private sector have the same objectives.

“Most clients, most victims are not interested primarily in bringing the fight to the actor. They want to recover their systems and in most cases, law-enforcement involvement or government sharing seems like a distraction or potentially a risk area,” said Adam Hickey, a partner at Mayer Brown who works on incident-response cases.

The overall feeling is that companies and the government have been on a few dates, but aren't ready to call it a relationship. More on the FBI taking the fight to the enemy below, in our newsletter extra.

More news below.

CONTENT FROM: Zscaler
Why Ransomware is Winning Despite Billions Spent on Security

Zscaler CEO Jay Chaudhry shares insights on how embracing Zero Trust AI stops ransomware at all four stages of an attack. Like a bank robbery, ransomware attacks find weaknesses, break in, move laterally, and steal or encrypt data. Attacks succeed because companies rely on firewalls as their primary defense. Firewalls expose public IPs, inviting attacks. Take back control of your security.


More Cyber News


A 21-year-old former Army soldier pleaded guilty to crimes related to a scheme to hack U.S. telecom companies and to ransom stolen data. He and co-conspirators hit at least 10 organizations, the Justice Department said Tuesday. He is scheduled to be sentenced on Oct. 6 and faces up to 27 years in prison. 

An unnamed state's Army National Guard was hacked by China's Salt Typhoon last year, according to a memo from the Department of Homeland Security. Maps and data exchanged with other states were stolen. The memo warned that the incident could help the suspected hackers further penetrate U.S. critical infrastructure as the Guard helps organizations respond to cyberattacks. (Reuters)

700+

Number of rural hospitals that have signed on with Microsoft's program for helping needy hospitals manage cybersecurity. The facilities get free cyber evaluations and some training. (Becker's Hospital Review)

 

Newsletter Extra: FBI Tussled with Flax Typhoon to Wrest Control of Hacking Bots

The FBI targeted infrastructure supporting a massive botnet operated by Chinese state-sponsored hackers, known as Flax Typhoon in Microsoft’s nomenclature for hacking groups.

“Flax Typhoon was one of the first times the FBI engaged in true cyber warfare, in real time, against CCP actors,” said Brett Leatherman, assistant director for cyber at the FBI, speaking at a cybersecurity conference hosted by the law-enforcement agency and Fordham University.

The botnet numbered more than 200,000 infected devices in the U.S. and elsewhere, court documents said. The devices included internet routers, cameras, storage devices and others, and were used to launch attacks on U.S. and foreign government agencies, companies, universities, telecoms providers and media organizations.

In its battle last year, the FBI sent commands through the infected devices to bring the botnet under its control, disabling the so-called command and control infrastructure used by Flax Typhoon. However, the hackers fought back.

“They DDoSed the FBI infrastructure,” said Leatherman, using an acronym referring to distributed denial of service, a form of cyberattack in which servers are overloaded with traffic, usually from botnets, crashing them in the process. “They successfully pulled back a bunch of their bots, it was incredible.” 

Over the course of a weekend, Leatherman said, the FBI battled with the hackers, who seemed to be unaware they were facing off against the U.S. government until the agency managed to wrest control of the bots’ infrastructure. The bureau uploaded a splash page and seized the domain. Flax Typhoon then realized they had attacked the FBI.

“They actually burned down their own infrastructure at that point. We didn't have to do it,” Leatherman said.

– James Rundle

“It's yet another sign of the vast data lake that the Chinese are collecting on us. And at this point, it's swelling and looks more like an ocean.”

— B. Chad Yarbrough, operations director of the FBI's criminal and cyber division, on Chinese infiltration of telecom firms
 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.