To keep U.S. infrastructure safe, FBI Director Christopher Wray said Monday that the federal government relies more than ever on private sector support.

At Mandiant’s mWise Conference, Wray told a packed room of cybersecurity professionals and analysts that it has become increasingly difficult to discern between cybercriminal activity and adversarial nation-state activity. Google owns Mandiant.

Both international and domestic law enforcement have worked with Wray and the FBI to disrupt ransomware infrastructure and groups, including the Qakbot botnet and the Hive ransomware group. According to Wray, artificial intelligence could help China’s cyber intelligence operations in overpowering U.S. defenses, and the FBI’s cyber and intelligence agents are outnumbered by Chinese hackers by at least 50 to 1.

State-affiliated groups have been linked to influence campaigns on major social networks in China. However, there are also attacks coming from other places. As an example, North Korean hacking groups often aim to generate revenue while gathering espionage for the government. Additionally, Russian hackers have extorted millions of dollars in ransom from businesses worldwide and targeted infrastructure in Ukraine and Eastern Europe.

According to Wray, governments are increasingly unable to differentiate between cybercriminal activity and adversarial nation-state activity, like when hackers are profit-minded criminals during the day but state-sponsored at night.

He said the U.S. relies heavily on “collaborative, public-private” operations to identify threats and stop them, despite government efforts, including those of the Cybersecurity Infrastructure Agency.

Partnerships like these are not new, according to Wray. An East Coast fuel supply disruption caused by a cyberattack on Colonial Pipeline in 2021 prompted joint efforts.

The FBI was able to “quickly make substantial breakthroughs” in identifying the cybercriminals behind the attack due to Colonial’s rapid response and its quick engagement of Mandiant.