An FBI assistant director has said that a hypothetical cyber attack from Iran affecting US technology systems, data and infrastructure would be likely to be considered an act of war.
Brett Leatherman, who leads the FBI’s cyber operations division, said that while Iran and cyber proxies enlisted by Iran have not yet carried out any cataclysmic cyber attacks against the US, all information indicates that Tehran has intensified such efforts.
“If you use cyber weapons to destroy infrastructure, you’re now destroying information that a sovereign nation depends on,” Mr Leatherman said during a discussion on Thursday at the George Washington University’s Programme on Extremism. “That tends to be a red line.”
He pointed to several close calls in 2024, where the FBI was prompted to warn hospitals in the US that Iranians were seeking to compromise US health providers by deploying ransomware.
Ransomware is generally defined as a type of malware designed to deny users, businesses or organisations access to their data stored on computers or servers in exchange for money.
In a ransomware attack, data is often encrypted, and criminals demand payment for the decryption key.
“Ultimately, it was freelance cyber operators working out of Iran trying to monetise their activity, trying to get money for engaging in malicious cyber operations,” he said. “The FBI was able to identify that and alert the hospitals early.”

Meanwhile, back in May, an Iranian man pleaded guilty to using ransomware to try to extort millions from governments and organisations in the US.
Despite an increase in cyberattacks, Mr Leatherman said the US retains the ability to overcome and respond to cyber threats from Iran. He also said that despite there being no love lost between the two countries, an unspoken understanding in terms of cyberwarfare has emerged.
“There’s a sense of mutually assured destruction, and if they hit us they know that we can hit them back and can hit them back a lot harder,” he said.
That being said, Mr Leatherman said the FBI determined that in recent years, Tehran has used its cyber operations to impact and disrupt Iranian dissidents operating outside the country.
“They have devised specific lines of effort to identify those individuals in the US and abroad to collect information on them and potentially leverage lethal plotting,” he added.
In 2022, US intelligence determined that Iran's Islamic Revolutionary Guard Corps sought to devise a plot to kill an Iranian-American journalist and activist on US soil. It is not clear to what extent, if at all, cyber-operations were involved.
Mr Leatherman added that while artificial intelligence was quickly being used globally to increase the effectiveness of attacks and propaganda operations, Iran has not yet been able to do so.
“I do not yet think that Iranians are using AI in the way that China or the Russians are,” he said, referring to Russian cyber operations that used AI to scale cyber influence operations and spread its narratives about the war in Ukraine.
Even without AI, Mr Leatherman pointed to various Iranian efforts in 2024 to hack US presidential campaigns, along with a proliferation of influence operations.
The assistant director’s comments came just hours after the FBI issued a joint cybersecurity advisory regarding forces in China, “who continue to target networks across the globe, particularly in the telecoms, transportation, lodging, and military infrastructure sectors”.
US companies and intelligence agencies are still trying to identify the fallout from the Salt Typhoon cyber breach that became apparent just last year, where the US accused China of sponsoring the attack that infiltrated communications companies and consumers.