The U.S. should stay vigilant about the ongoing digital threat posed by China even though events in the Middle East have drawn attention to potential cyberattacks by Iran, according to a senior FBI official.
Beijing’s malicious cyber activity “unfolds in silence. You don’t see a fireball on the news. But the strategic damage — damage to us — is real and it continues to accumulate over time,” Brett Leatherman, the newly appointed head of the FBI’s Cyber Division, said Monday during a phone interview.
“There’s strategic risk here, when it comes to [China], with being complacent. My thought is, when cyber intrusions stay invisible, urgency fades,” he told Recorded Future News. “That’s the exact environment that [China] is counting on. We’ve got to continue to be in a position to alert the public that this is ongoing activity. We don’t need to panic. We just need clarity because the threat’s real, it’s persistent, it’s strategic.”
Leatherman’s warning about China comes amid rising concerns that Iran could unleash a digital assault on the U.S. for bombing the country’s nuclear facilities. While there have been no confirmed cyberattacks yet, federal law enforcement and intelligence officials are on high alert for such retaliation from Tehran, a longtime adversary in the digital domain.
Leatherman said he had a call Monday morning with Israeli officials and some European partners about the potential for cyber targeting by Iran or state-supported and affiliated actors. He noted his organization is part of the bureau’s Iran Threat Mission Center (ITMC), which also includes the Counterintelligence and Counterterrorism divisions.
“The public should understand that all of us are working together in an approach that brings those disciplines together in order to protect the country,” he said. “The ITMC is operating as it should right now.”
However, he stressed that China’s intrusions into the networks of U.S. critical infrastructure operators, telecom firms and others remain “one of the more consequential cyber espionage campaigns we’ve seen today.”
He told Recorded Future News in April that at least two of the so-called Typhoon hacking groups were still actively targeting the U.S.
Around that same time, the bureau issued a public call for “any information” on the campaigns.
“I can say that that call for information did yield results, and it has provided investigative avenues for us to pursue that we continue to pursue to this day,” according to Leatherman, adding there likely will be similar calls in the future with the hope of sharing the tips publicly one day.
‘Part of a long game’
On Monday, the Canadian Centre for Cyber Security and the FBI disclosed that the hacking group dubbed Salt Typhoon had breached a Canadian telecommunications firm. Earlier this month, satellite telecommunications firm Viasat was identified as one of the group’s victims, joining the ranks of Verizon, AT&T and Lumen.
Leatherman said the list of U.S. victims sits at nine firms, echoing comments he made in April, “but that number could go up.” Not all nine victims have been publicly identified.
He said the broad, long-running investigation has revealed that “third-party risk continues to be a point of exposure” for the telecom industry, as it has been in others, and that China “continues to invest a ton of resources in cyber exploitation.”
Salt Typhoon should not be viewed as a “one-off breach,” according to Leatherman.
“It’s really part of a long game by [China] to map our infrastructure, to steal our data, to erode our strategic edge from the inside out … to take the data part of the Salt Typhoon breach, aggregate it with other data stolen from other prior breaches and build out a better intelligence picture of the United States.”
Chris Painter, a top cybersecurity diplomat who served in the Obama administration and during Donald Trump’s first presidency, said he would “generally agree” with Leatherman’s warning not to divert attention away from Beijing.
“Though with the Typhoon intrusion sets it’s hard to say they have been all that silent (though it’s true they tried to be),” he said. “They do have their eyes on the long game and obviously have both capability and intent.”
Recorded Future
Intelligence Cloud.
