The House Committee on Homeland Security has released an updated “Cyber Threat Snapshot” detailing a sharp rise in cyberattacks by nation-states and criminal groups targeting U.S. networks and critical infrastructure. The report comes as the country transitions from Cybersecurity Awareness Month to Critical Infrastructure Security and Resilience Month.
The increasing state-sponsored and criminal cyberattacks underscore the urgency of strengthening critical infrastructure defense. On Nov. 12, Potomac Officers Club’s 2025 Homeland Security Summit will bring together DHS, CISA and industry leaders to discuss how emerging technologies, AI and cross-sector collaboration can fortify the nation’s cybersecurity posture. Register now to hear from experts shaping America’s resilience against evolving cyberthreats.
Table of Contents
Which US Sectors Are Facing the Greatest Threats?
The document highlights the aggressive targeting of key U.S. sectors, with particular emphasis on activity associated with China.
The industries most frequently targeted in attacks, according to CrowdStrike data included in the snapshot, are manufacturing; finance and insurance; and professional, business and consumer services. Energy, transportation, retail, healthcare and wholesale sectors account for the remaining documented attacks.
Attacks linked to China surged 150 percent in 2024, with operations against financial services, media, manufacturing and industrial networks increasing 300 percent.
The threat snapshot stated that intrusions into critical infrastructure sectors such as energy, telecommunications and water are likely aimed at establishing long-term access for potential disruption during a geopolitical crisis. A cited example involved China-backed actors maintaining network access for months within a public power utility in Littleton, Massachusetts.
The report also referenced the Salt Typhoon espionage campaign, which infiltrated at least nine major telecommunications providers in 2024, reportedly to exfiltrate sensitive data, conduct espionage on law enforcement’s wiretapping requests and access presidential candidates’ phones.
How Much Are Cyberattacks Costing the U.S. Economy?
Citing data from IBM, the threat snapshot noted that the average cost of a U.S. data breach in 2025 has reached $10 million, more than double the global average. The increasing cyberthreats are compounded by ongoing operational disruptions, including the current federal government shutdown and the lapse of the Cybersecurity Information Sharing Act of 2015.
“Amid a heightened threat landscape, we must take a whole-of-society approach to countering escalating cyber threats from adversaries like the Chinese Communist Party, Iran, Russia, North Korea, and others,” said HCHS Chairman Andrew Garbarino, R-N.Y., upon releasing the snapshot. “As the shutdown continues and a gap remains in our cyber information sharing authorities, a decrease in the visibility of cyber threats across public and private sectors could create blind spots in our networks. Senate Democrats must reopen the government so we can chart a better path forward for our nation’s collective cyber resilience.”
How Are Other Adversaries Expanding Their Cyber Operations?
Cyber operations from other adversaries are also intensifying:
- Iran-linked attacks increased 133 percent between March and June 2025.
- Russia-affiliated hackers reportedly breached the U.S. Courts’ electronic case filing system in July 2025.
- North Korea is leveraging artificial intelligence to deploy covert IT workers into U.S. companies, using AI tools to enhance cyber intrusions. The report noted that AI-driven attacks were tied to one in six data breaches in 2025, citing data from IBM.
Cyber attacks have led to severe disruptions at the local level, forcing cities like St. Paul, Minnesota, and Mission, Texas, to declare states of emergency. According to the committee, many state, local, tribal and territorial governments lack the necessary resources and technical expertise to defend their systems against advanced cyberthreats.
Meanwhile, ransomware groups like Scattered Spider continue to operate globally, targeting large corporations through extortion and data theft schemes.
