FBI Cyber Chief Warns: Don’t Let Urgency Fade on China’s Persistent Threat
The FBI's new cyber chief has emphasized that Chinese state-sponsored cyber operations remain one of the most persistent and strategic threats facing U.S. national infrastructure, despite the current shift in focus toward Middle Eastern tensions. Speaking to Recorded Future News, Brett Leatherman, the newly appointed head of the FBI’s Cyber Division, warned that while public and policy attention may be trained on the potential for Iranian-linked cyber retaliation following recent military escalations, the threat from Chinese groups—especially those under the “Typhoon” umbrella—is ongoing and deliberate. “There's strategic risk here, when it comes to [China], with being complacent. My thought is, when cyber intrusions stay invisible, urgency fades,” he told Recorded Future News. “That's the exact environment that [China] is counting on. We’ve got to continue to be in a position to alert the public that this is ongoing activity. We don’t need to panic. We just need clarity because the threat's real, it’s persistent, it’s strategic.” These comments arrive as the FBI continues to investigate the long-term espionage activity of groups like Salt Typhoon, which have actively targeted U.S. telecommunications infrastructure.
According to The Record, Leatherman confirmed that Chinese cyber actors maintain a focused effort to map critical infrastructure, siphon sensitive information, and aggregate data from multiple breaches to construct detailed intelligence profiles. He noted that as of April 2025, at least two Typhoon-aligned groups were still actively targeting U.S. entities, and that recent calls for public tips have produced actionable leads. Salt Typhoon, in particular, has demonstrated an ability to persist in high-value networks, including telecommunications and remote access infrastructure, as seen in its breach of a Canadian telecom firm reported in a joint FBI–Canadian advisory. That same report connected the actors to previous intrusions against major U.S. providers. “It’s really part of a long game by [China] to map our infrastructure, to steal our data, to erode our strategic edge from the inside out,” Leatherman said. These operations are marked by subtlety and patience, with actors maintaining stealthy access and exploiting third-party relationships to deepen network penetration without triggering widespread detection.
While the U.S. government remains alert to potential cyber retaliation from Iran—especially in light of a Homeland Security advisory forecasting disruptive behavior from pro-Iranian groups and state-linked actors—Leatherman urged against deprioritizing China in the national threat landscape. The FBI's Iran Threat Mission Center is currently coordinating efforts to monitor threats tied to Middle Eastern escalation, but Leatherman reiterated that China’s cyber campaigns, though often less visible, carry longer-term strategic consequences. Chinese cyber actors are known for waiting, embedding themselves within networks for extended periods, and returning to extract additional value over time—an approach that makes mitigation difficult once initial access is established. Security experts such as former State Department cyber diplomat Chris Painter echoed the concern, noting China’s “capability and intent” to pursue a long-term strategy of digital infiltration.