U.S. House of Representatives Committee on Homeland Security

10/31/2025 | Press release | Distributed by Public on 10/31/2025 15:00

THREAT SNAPSHOT: Cyber Threats Remain Heightened Amid Lapse in Information Sharing Authorities, Government Shutdown

WASHINGTON, D.C. -- As Cybersecurity Awareness Month comes to a close and Critical Infrastructure Security and Resilience Month nears, today, the House Committee on Homeland Security released an updated "Cyber Threat Snapshot," outlining the heightened threats posed by malign nation-states and criminals to U.S. networks and critical infrastructure since 2024. Read the previous "Cyber Threat Snapshot," which outlined threats from 2021 through 2024, here. Read Chairman Andrew R. Garbarino's (R-NY) op-ed from today in CyberScoop here.

"Amid a heightened threat landscape, we must take a whole-of-society approach to countering escalating cyber threats from adversaries like the Chinese Communist Party, Iran, Russia, North Korea, and others," Chairman Garbarino said upon releasing the snapshot. "As the shutdown continues and a gap remains in our cyber information sharing authorities, a decrease in the visibility of cyber threats across public and private sectors could create blind spots in our networks. Senate Democrats must reopen the government so we can chart a better path forward for our nation's collective cyber resilience."

The current federal government shutdown, coupled with the lapse of the Cybersecurity Information Sharing Act of 2015, is significantly constraining the federal government's ability to coordinate with industry and execute its defensive cyber mission. This gap in federal cyber capacity comes at a moment when cyber actors affiliated with the People's Republic of China (PRC) are expanding their targeting of U.S. networks.

In 2024, the PRC's cyber espionage efforts rose 150 percent compared to the previous year, according to CrowdStrike. China's targeted attacks on the financial services, media, manufacturing, and industrial sectors increased 300 percent. The most unprecedented of these intrusions, Salt Typhoon, compromised at least nine major telecommunications providers in 2024, reportedly to exfiltrate data and conduct espionage on law enforcement's wiretapping requests. This included accessing the phones of presidential candidates. Salt Typhoon targeted 80 countries and potentially gained access to data from nearly every American.

The federal government remains a target for PRC-backed cyber actors. In July 2025, three PRC-associated threat actors compromised more than 400 organizations through Microsoft SharePoint, including the Department of Energy, the Department of Homeland Security, and the Department of Health and Human Services. These widespread threats underscore the need for enhanced interagency coordination throughout the government.

Beyond federal civilian networks, PRC-backed cyber actors continue to probe and infiltrate U.S. critical infrastructure, including networks that support the water, energy, and telecommunications sectors. These intrusions appear intended to establish persistent access and pre-position capabilities that could be leveraged to disrupt services in the event of a geopolitical crisis. The private sector owns or operates most of our nation's critical infrastructure, and 70 percent of attacks involved this infrastructure in 2024. For example, PRC-backed cyber actors maintained access for months within the networks of a public power utility in Littleton, Massachusetts, highlighting the persistent and sophisticated nature of these operations.

Cyber threats from other adversarial regimes are also escalating. Iranian-affiliated cyberattacks spiked 133 percent in May and June of this year, compared to March and April, amid U.S. and Israeli airstrikes. In July, the electronic case filing system managed by the Administrative Office of the U.S. Courts was reportedly breached, at least in part, by Russia-affiliated hackers. With advancements in artificial intelligence (AI), North Korea has deployed undercover information technology (IT) workers to infiltrate U.S. companies by gaining remote jobs, in part, using AI as a force multiplier. One in six data breaches in 2025 involved attacks driven by AI.

So far in 2025, at least 44 U.S. states reported cyber incidents affecting state and local government systems. Communities from St. Paul, Minnesota, to Mission, Texas, declared states of emergency following major intrusions. State, local, tribal, and territorial governments often lack the dedicated resources and technical expertise needed to defend their networks, leaving them vulnerable to cyber threat actors.

Outside of nation-state actors, decentralized cybercriminal groups, such as Scattered Spider, continue to launch ransomware and data extortion campaigns against major global companies. These financially motivated attacks are only growing more costly, with the average cost of a data breach in the U.S. reaching $10 million in 2025, more than double the global average.

The heightened threat landscape is why the Committee advanced Rep. Andy Ogles' (R-TN) bill, the "Strengthening Cyber Resilience Against State-Sponsored Threats Act," to improve interagency coordination efforts to combat threats from the PRC, Rep. Ogles' "PILLAR Act" to extend and improve the State and Local Cybersecurity Grant Program, and Chairman Garbarino's "WIMWIG Act," to enhance and extend voluntary cybersecurity information sharing authorities--reinforcing a whole-of-society effort between the public and private sectors to defend against evolving cyber threats.

###

U.S. House of Representatives Committee on Homeland Security published this content on October 31, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on October 31, 2025 at 21:00 UTC.