In a year marked by escalating cyber threats, 2025 has already witnessed major cyberattacks on state and local governments across 44 U.S. states, highlighting the growing vulnerability of critical infrastructure to malicious actors, according to a new cyber threat snapshot from the House Committee on Homeland Security (HCHS). The snapshot illustrates a clear trend of increasing cyberattacks targeting U.S. networks and critical infrastructure since 2024.
According to the snapshot, malicious cyber activity from the People’s Republic of China (PRC) rose 150% in 2024 compared with the previous year. PRC-linked threats targeted financial services, media, manufacturing, and industrial sectors.
Cyber threats from other nations also increased. Iranian-affiliated attacks jumped 133% between May and June 2025 compared with the previous two months, while Russia-linked hackers breached the electronic case filing system used by the federal judiciary.
These widespread threats underscore the need for enhanced interagency coordination throughout the government, the committee said in a press release. Chairman Andrew R. Garbarino, R-N.Y., called for a “whole-of-society approach to countering escalating cyber threats.”
Just this year, cities from St. Paul, Minn., to Mission, Texas, declared states of emergency after major intrusions. The committee noted that many state, local, tribal, and territorial governments lack the technical expertise and resources to defend against advanced cyberattacks.
The ongoing government shutdown is amplifying cyber threats, Garbarino emphasized.
“As the shutdown continues and a gap remains in our cyber information sharing authorities, a decrease in the visibility of cyber threats across public and private sectors could create blind spots in our networks,” Garbarino said, calling for Senate democrats to “reopen the government so we can chart a better path forward for our nation’s collective cyber resilience.”
According to the committee, the “current federal government shutdown, coupled with the lapse of the Cybersecurity Information Sharing Act of 2015, is significantly constraining the federal government’s ability to coordinate with industry and execute its defensive cyber mission.”
Since April, the committee advanced three cybersecurity bills to address the heightened threat landscape. The Strengthening Cyber Resilience Against State-Sponsored Threats Act is aimed at improving interagency cooperation to counter PRC-linked cyber threats. The PILLAR Act would extend the State and Local Cybersecurity Grant Program, and the WIMWIG Act would strengthen voluntary cybersecurity information sharing between the public and private sectors.