U.S. intel cites China, Russia, Iran as "aggressive" perpetrators of cyber espionage

In the latest of a series of intensifying warnings about cyber threats issued by the U.S. intelligence community, a new report says that China, Russia and Iran stand out as the three most hostile foreign actors to engage in economic espionage and in stealing proprietary secrets from American companies and corporations, noting that emerging technologies could expose some companies to previously unknown threats.

"We anticipate that China, Russia and Iran will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace," said the report, which was issued by the National Counterintelligence and Security Center (NCSC) and compiled with input from more than a dozen intelligence agencies. "All will almost certainly continue to deploy significant resources and a wide array of tactics to acquire intellectual property and proprietary information."

The NCSC, which last issued an unclassified report on the matter in 2011, said new, increasingly pervasive technologies like artificial intelligence and the Internet of Things – as it expands from "smart homes" to "smart cities" – may lay bare novel vulnerabilities for which the U.S. cyber security community is unprepared.

"Despite advances in cybersecurity," the report said, "cyber espionage continues to offer threat actors a relatively low-cost, high-yield avenue of approach to a wide spectrum of intellectual property."

As it has in previous years, the report noted that some countries with "closer ties to the United States" also engage in cyber espionage to obtain U.S. technology, though it did not identify those countries.

The report did identify six industries it said were of particularly high interest to foreign intelligence collectors, including energy, biotechnology, and defense sectors, as well as environmental protection, high-end manufacturing and information technologies industries.

Even as companies have hardened their defenses via increasingly sophisticated cybersecurity services, the report said, hackers and hostile actors have turned to software supply chain infiltration to conduct cyber espionage and engage in information theft and other organizational disruption.

"Last year represented a watershed in the reporting of software supply chain operations," the report said, with seven significant events reported in the public domain in 2017 alone, versus four previously reported between 2014 and 2016.

Among the examples cited in the report was an incident in 2017 that involved a common type of security software called CCleaner. It was loaded with a backdoor by hackers who ultimately penetrated hundreds of thousands of computers in an effort to access the networks of tech giants like Microsoft, Google, Samsung, Sony and Cisco.

New, restrictive cyber security and import laws passed by some foreign countries also pose risks to U.S. companies looking to conduct business overseas, the report said. In 2017 China mandated that foreign companies submit to government-administered national security reviews, and to store their data in China. Russia has begun requiring all foreign technologies to undergo source code reviews by its top security agency, the FSB, before being approved for sale.

Both countries, the report said, "could exploit these laws to significantly improve their access to the intellectual property of foreign companies operating in their countries and subsequently share this sensitive information with domestic firms."

Similarly, foreign technology companies with links to their host governments – as with Russia's Kaspersky Lab products, which were removed from all U.S. federal departments in late 2017 – were also cited as latent threats. The access to computers and networks the products often gain, the report said, also presents an opportunity for countries to obtain sensitive information.

Though the countries cited by the report have long been known by U.S. intelligence and law enforcement agencies to engage in information theft and espionage, in recent weeks public warnings about their activities have increased.

At the Aspen Security Forum last week, FBI Director Christopher Wray said that "China, from a counterintelligence perspective, in many ways represents the broadest, most challenging, most significant threat we face as a country," citing both its cyber means and human sources. "The volume of it, the pervasiveness of it, the significance of it is something that I think this country cannot underestimate," he said.

Earlier this month, Director of National Intelligence Dan Coats warned that foreign actors like Russia, China, Iran and North Korea were daily conducting a range of attacks against a variety of targets, including U.S. businesses, federal, state and local governments, academic and financial institutions, and the country's critical infrastructure.

The NCSC report likewise stressed that non-business entities were far from exempt. "Federal research institutions, universities, and corporations are regularly targeted by online actors seeking all manner of proprietary information," the report said, "and the overall long-term trend remains worrisome."