As Cybersecurity Awareness Month ends and Critical Infrastructure Security and Resilience Month approaches, the House Committee on Homeland Security has released an updated "Cyber Threat Snapshot." The report details increased cyber threats from nation-states and criminal groups targeting U.S. networks and critical infrastructure since 2024.
"Amid a heightened threat landscape, we must take a whole-of-society approach to countering escalating cyber threats from adversaries like the Chinese Communist Party, Iran, Russia, North Korea, and others," said Chairman Andrew R. Garbarino (R-NY). "As the shutdown continues and a gap remains in our cyber information sharing authorities, a decrease in the visibility of cyber threats across public and private sectors could create blind spots in our networks. Senate Democrats must reopen the government so we can chart a better path forward for our nation’s collective cyber resilience."
The ongoing federal government shutdown, along with the expiration of the Cybersecurity Information Sharing Act of 2015, is limiting federal coordination with industry partners and weakening defensive efforts. This comes at a time when cyber actors linked to China are expanding their activities against U.S. networks.
In 2024, there was a significant increase in Chinese cyber espionage activity. According to CrowdStrike data, these operations rose by 150 percent compared to the previous year. Attacks targeting sectors such as financial services, media, manufacturing, and industrial industries grew by 300 percent. One major incident involved Salt Typhoon compromising at least nine telecommunications providers to access sensitive law enforcement data and presidential candidates' phone information. Salt Typhoon reportedly targeted organizations in 80 countries and may have accessed data from nearly every American.
Federal agencies have also been targeted. In July 2025, three threat actors connected to China compromised more than 400 organizations through Microsoft SharePoint systems. Victims included the Department of Energy, Department of Homeland Security, and Department of Health and Human Services.
Chinese-backed actors continue attempts to access critical infrastructure like water utilities, energy grids, and telecom networks. These actions seem aimed at establishing long-term access that could be used during geopolitical tensions. The majority of critical infrastructure is owned or operated by private entities; in 2024, about 70 percent of attacks affected this sector. For instance, PRC-backed hackers maintained access for months inside a public power utility network in Littleton, Massachusetts.
Other adversarial states are increasing their activities as well. Iranian-linked attacks jumped by 133 percent during May and June amid international conflicts involving the U.S. In July 2025, Russian-affiliated hackers were reported to have breached the electronic case filing system managed by the Administrative Office of the U.S. Courts.
North Korea has been using advances in artificial intelligence (AI) to send undercover IT workers into U.S.-based companies through remote jobs; AI has played a role in one out of every six data breaches this year.
In 2025 alone, at least 44 states reported incidents affecting state or local government IT systems. Cities such as St. Paul, Minnesota, and Mission, Texas declared emergencies following significant breaches due to limited resources available for defending their networks.
Cybercriminal groups not tied directly to nation-states are also active; organizations like Scattered Spider continue ransomware campaigns against large companies worldwide. Financial losses are mounting: In 2025 so far, average costs for data breaches reached $10 million per incident in the United States—more than double the global average.
To address these issues legislatively, the committee advanced several bills including Rep. Andy Ogles’ “Strengthening Cyber Resilience Against State-Sponsored Threats Act,” designed to improve interagency cooperation against PRC-linked threats; Ogles’ “PILLAR Act,” which aims to enhance state and local cybersecurity grant programs; and Chairman Garbarino’s “WIMWIG Act” for extending voluntary information sharing authorities between sectors.
