The Digital Battleground: How Adversaries Leverage Cyber Threats to Challenge U.S. Policies

Vladimir Tsakanyan


Executive Summary

Cyber threats emanating from both state and non-state actors represent a persistent and evolving challenge to U.S. national security and policy objectives. This report examines how adversaries, including Iran, Russia, China, and transnational criminal organizations such as drug cartels, strategically employ cyber capabilities to achieve geopolitical, economic, and operational goals. Their motivations range from direct retaliation and influence operations to extensive economic espionage and the direct disruption of critical infrastructure. The interconnectedness of digital systems means that vulnerabilities in cyberspace can have profound real-world consequences, extending to kinetic impacts and undermining democratic processes. The United States faces a complex threat landscape that necessitates robust defensive measures, proactive deterrence strategies, and enhanced public-private partnerships to build resilience against a spectrum of cyber aggressors.

The following table provides a high-level overview of the key cyber threat actors discussed in this report and their primary objectives in targeting the United States.

| Actor | Primary Cyber Objectives | Key Targets |
| --- | --- | --- |
| Iran | Geopolitical retaliation, psychological warfare, intelligence collection, regional influence. | Critical infrastructure (water utilities, energy, financial), government networks, political campaigns, poorly secured U.S. networks. |
| Transnational Criminal Organizations (e.g., Cartels) | Operational security, informant identification and neutralization, disruption of law enforcement, financial gain. | Law enforcement communications, government officials’ devices, public surveillance systems, healthcare systems, municipal governments. |
| Russia | Undermining U.S. foreign policy (e.g., support for Ukraine), influencing democratic processes, information confrontation. | Critical infrastructure (energy grids, transportation, telecommunications), government websites, election systems, public opinion. |
| China | Economic dominance, intellectual property theft, pre-positioning for critical infrastructure disruption during conflict. | Government networks, private sector (IP, trade secrets), critical infrastructure (power, water, telecoms, space systems), military assets. |

1. Introduction: The Evolving Landscape of Cyber Threats to U.S. Policy

Cyber warfare has emerged as a critical component of modern geopolitical competition, transcending traditional notions of conflict to become a pervasive strategic tool. No longer confined to isolated technical incidents, cyber operations are now integral to achieving political, economic, and military objectives against the United States. This report analyzes how diverse actors—ranging from state-sponsored entities like Iran, Russia, and China to sophisticated non-state organizations such as transnational criminal cartels—exploit digital vulnerabilities to advance their agendas, directly impacting U.S. policies and national interests.

The strategic importance of cyber operations lies in their capacity to enable asymmetric warfare. Cyber capabilities offer adversaries a means to project power, gather intelligence, disrupt operations, and sow discord with a significant degree of deniability, often at a substantially lower cost than conventional military action [1]. This inherent cost-effectiveness makes cyber operations an increasingly attractive avenue for hostile actions. The affordability of these operations lowers the barrier to entry for a wider array of actors, including less powerful states and non-state entities, enabling them to exert considerable influence and cause widespread disruption against a technologically advanced nation like the United States. This dynamic fundamentally alters the balance of power in certain domains, making cyber warfare a preferred method for those seeking to challenge established global hierarchies. The ease and affordability of these operations also heighten the potential for “strategic surprise” [2], compelling the U.S. to invest disproportionately in defensive and resilience measures, as the cost of mounting an attack is frequently lower than the cost of defending against it or recovering from its effects. This ongoing “information confrontation” [3] defines a new frontier in international relations, where digital superiority is increasingly synonymous with strategic advantage.

2. Iran: Cyber Retaliation and Regional Instability

Iran’s cyber operations against the United States are largely driven by geopolitical grievances and a desire for retaliation, particularly in response to U.S. involvement in regional conflicts and specific incidents. The ongoing conflict in Iran and direct U.S. military actions, such as airstrikes against nuclear facilities, have consistently led to a heightened cyber threat environment [1]. A significant motivator for these attacks also stems from Iran’s stated commitment to target U.S. government officials deemed responsible for the death of an Iranian military commander in January 2020 [4].

Iranian actors, including both government-affiliated groups and pro-Iranian hacktivists, frequently employ cyber operations as a form of psychological warfare, often exaggerating the impact of their attacks to maximize their perceived effect [5]. The inherent deniability associated with cyberattacks further enhances their appeal, allowing Iran to extend its reach and retaliate against perceived aggressions without necessarily inviting direct, overt military responses [5].

The tactics employed by these actors commonly involve exploiting readily available vulnerabilities. They routinely target poorly secured U.S. networks and internet-connected devices, leveraging “targets of opportunity,” outdated software, and the widespread use of default or common passwords [4]. These disruptive attacks frequently manifest as Distributed Denial of Service (DDoS) campaigns, which are expected to significantly increase, and potentially include ransomware attacks [5]. Past incidents have seen Iranian hackers infiltrate operational technology (OT) equipment, including those powering water utilities and other critical infrastructure [5]. Beyond disruption, Iran also engages in intelligence collection, though its capabilities may be less advanced than those of China or Russia. These efforts aim to understand U.S. and Israeli planning, as evidenced by attempts to compromise political campaigns, such as a June 2024 incident involving an email account linked to a former U.S. President’s campaign, and efforts to manipulate journalists [1].

The impact on U.S. critical infrastructure and national security is a significant concern. The U.S. government has issued warnings about new Iran-linked cyber threats targeting critical infrastructure, advising organizations to disconnect operational technology from the internet and enforce strong account protections [5]. While attacks on banks, defense contractors, and oil companies have occurred, they have not yet caused widespread disruptions to critical infrastructure or the broader economy [1]. Nevertheless, the threat remains elevated. Furthermore, the geopolitical tensions, particularly the Israel-Iran conflict, have the potential to inspire violent extremists and hate crime perpetrators within the Homeland to attack targets perceived as Jewish, pro-Israel, or linked to the U.S. government or military [4].

A notable characteristic of Iranian cyber operations is the blurring of lines between state-controlled entities and seemingly independent non-state actors. Consistent references to both “pro-Iranian hacktivists” and “Iranian government-affiliated actors” [4] indicate a dual-pronged approach. Some hacker groups may operate with direct ties to military or intelligence agencies, while others may act independently but in alignment with Iranian interests [1]. This creates a significant challenge for attribution, as the precise level of state control over certain cyber activities remains ambiguous. This deniability allows Iran to test U.S. defenses, conduct retaliatory actions, and engage in psychological warfare without necessarily crossing a threshold that would trigger a direct, overt U.S. response. This ambiguity fosters a “grey zone” of conflict, where continuous, low-level cyberattacks can occur without clear escalation. Consequently, U.S. policy responses must be calibrated to address this ambiguous attribution, potentially through a combination of public identification of malicious actors, targeted sanctions, and enhanced defensive measures, rather than solely relying on traditional kinetic retaliation.

3. Transnational Criminal Organizations: Cartels and Cyber Espionage

Transnational criminal organizations, exemplified by powerful drug cartels, are increasingly integrating sophisticated cyber capabilities into their illicit operations, posing a direct threat to U.S. law enforcement and national security. Their primary motivation for employing cyber means is to enhance operational security and identify and neutralize threats to their enterprises, particularly FBI informants and cooperating witnesses [8]. By tracking federal officials and their contacts, these organizations aim to compromise ongoing investigations and maintain the integrity of their vast criminal networks [8]. Furthermore, as multi-billion-dollar global enterprises, cartels leverage advanced technology for financial movements, including cryptocurrency, and to optimize their overall business operations [9].

The tactics employed by these criminal groups involve extensive “ubiquitous technical surveillance” (UTS), a term referring to the widespread availability of data that can be exploited by adversaries [9]. This includes exploiting mobile phones and other electronic devices to extract critical intelligence [8]. A particularly alarming incident involved a Sinaloa cartel-hired “cybersnoop” who gained access to Mexico City’s camera system to track the movements of individuals, including a senior FBI official. This cybercriminal also used the official’s phone number to obtain call logs and geolocation data [8]. The availability of a “menu of services” from such hired cybercriminals underscores a professionalized and sophisticated approach to cyber operations within these criminal enterprises [8].

The impact of these cyber operations on U.S. law enforcement and national security is severe and direct. The information obtained through cyber means has been explicitly used by cartels to “intimidate and, in some instances, kill potential sources or cooperating witnesses” [8]. This constitutes a tangible and lethal consequence for U.S. law enforcement efforts. A 2022 Department of Justice (DoJ) Office of Inspector General (OIG) audit highlighted “immediate concerns regarding the FBI’s management of the Ubiquitous Technical Surveillance (UTS) threat,” noting the FBI’s response as “disjointed and inconsistent” [8]. This reveals critical internal vulnerabilities within federal agencies that adversaries are actively exploiting. The broader threat of high-tech surveillance to U.S. national security is so profound that some within the FBI and CIA have described it as “existential” [9].

The convergence of cyber capabilities and kinetic violence in criminal operations represents a significant evolution in the threat landscape. This demonstrates that cyber operations are not merely about data theft or digital disruption but serve as a powerful force multiplier for traditional criminal activities, enabling more effective and lethal outcomes. This sophistication blurs the traditional distinctions between “cybercrime” and “national security threats,” as these criminal organizations now possess and utilize capabilities previously associated primarily with state intelligence agencies. For U.S. policy, this necessitates a fundamental adaptation of counter-narcotics and anti-gang strategies to incorporate robust cyber counter-surveillance and defensive measures. The perception of an “existential” threat [9] underscores the urgent need for integrated cyber and kinetic responses, alongside a critical focus on strengthening internal security vulnerabilities within federal agencies themselves [8].

4. Russia: Cyber Operations in Geopolitical Confrontation

Russia’s strategic use of cyber operations is deeply embedded within its broader geopolitical confrontation, particularly in the context of its conflict with Ukraine and its persistent efforts to undermine U.S. policies and democratic processes. A primary objective of Russian influence operations is to significantly erode U.S. support for Ukraine, employing various means to shift public sentiment and reduce military assistance to Kyiv [11]. Beyond Ukraine, Russia consistently leverages cyber operations, including hacking and leaking campaigns, to influence U.S. and European elections, aiming to exploit societal polarization and diminish public faith in democratic institutions [3]. Russia views activities in cyberspace as a critical component of an “all-encompassing framework of ‘information confrontation’,” seeking to achieve superiority by targeting adversary information infrastructure while simultaneously protecting its own [3].

Russian tactics are characterized by a history of disruptive and destructive malware. Notable incidents include rendering Ukraine’s power grids inoperable for extended periods in 2015 and 2016, affecting hundreds of thousands of citizens. Prior to the full-scale invasion, Russia launched massive coordinated cyberattacks against Ukrainian government websites, financial services, and even satellite networks [13]. Disinformation campaigns are another cornerstone of Russia’s strategy. Actors like “Storm-1516” employ traditional and social media, alongside covert and overt campaigns, to “launder anti-Ukraine narratives into U.S. audiences” through a multi-stage process involving purported whistleblowers and seemingly unaffiliated networks [11]. This includes the creation of fake videos and content designed to sow division among Americans [12]. Looking ahead, Russia, along with Iran and China, is expected to increase the pace of influence and interference activities using generative AI, with AI-generated audio noted as potentially more impactful than video in disinformation efforts [11]. Furthermore, Russia’s advanced cyber capabilities include past attempts to pre-position access on U.S. critical infrastructure, making it a persistent threat for potential future attacks [7].

The impact of these operations on U.S. foreign policy and democratic processes is substantial. Disinformation campaigns directly seek to erode U.S. public and political support for Ukraine, thereby influencing policy decisions regarding military aid and diplomatic engagement [11]. The broader aim of Russian influence operations is to divide Americans and undermine confidence in democratic institutions, a long-term strategic goal [11]. Moreover, Russia’s demonstrated experience in integrating cyberattacks with wartime military action significantly amplifies its potential to impact U.S. targets during times of conflict [7].

Russia’s strategic integration of cyber and information warfare into its national doctrine is a critical aspect of its approach. Russia explicitly views cyber operations not as an isolated technical domain but as an integral element of its broader geopolitical strategy, particularly within the context of hybrid warfare [3]. This means that Russian cyber threats are not merely opportunistic; they are meticulously designed to achieve synergistic effects when combined with diplomatic, military, and economic pressures. For instance, their extensive disinformation campaigns [11] are directly linked to influencing U.S. policy on Ukraine, demonstrating a highly coordinated effort to achieve specific political outcomes through a combination of information manipulation and digital disruption. Countering Russia therefore necessitates a holistic U.S. response that seamlessly integrates cybersecurity defenses with robust counter-disinformation efforts, targeted diplomatic pressure, and economic sanctions. This comprehensive approach is essential to anticipate and defend against multi-domain attacks where cyber capabilities serve as a key enabler for broader strategic objectives.

5. China: Strategic Cyber Espionage and Economic Coercion

China’s cyber operations are extensive, sophisticated, and deeply integrated into its national strategy to achieve economic dominance and geopolitical influence. The overarching objective is to surpass the United States as a global science and technology (S&T) superpower through an aggressive, “whole-of-government approach” [7]. A significant component of this strategy is widespread economic espionage and intellectual property (IP) theft. China is consistently identified as the “most active and persistent cyber threat” to U.S. government, private-sector, and critical infrastructure networks, with a pronounced focus on stealing intellectual property and trade secrets [7]. As much as 80% of U.S. economic espionage cases involve entities linked to the People’s Republic of China (PRC), with the total cost to the U.S. economy from counterfeit goods, pirated software, and trade secret theft estimated at hundreds of billions annually [7].

Beyond espionage, Beijing is actively pre-positioning access on U.S. critical infrastructure networks for potential cyberattacks in the event of a conflict [2]. Such attacks would be designed to deter U.S. military action, induce societal panic, and interfere with the deployment of U.S. forces [7].

Chinese tactics involve the deployment of Advanced Persistent Threats (APTs) like “Volt Typhoon,” which has been observed actively implanting malware in critical U.S. infrastructure, including water and power systems. This marks a shift from pure espionage to developing capabilities for direct disruption and sabotage [2]. Similarly, “Salt Typhoon” has successfully breached U.S. telecommunications infrastructure [2]. These operations often exploit vulnerabilities in widely used systems and supply chains. The People’s Liberation Army (PLA) is also anticipated to utilize Large Language Models (LLMs) to generate information deception attacks, create fake news, and imitate personas, indicating an evolving approach to influence operations [7]. Furthermore, there are growing concerns that China’s intelligence network may be developing capabilities for physical sabotage of critical infrastructure during a conflict, with U.S. authorities tracking incidents of Chinese nationals attempting to access military bases and other sensitive sites [16].

The impact on U.S. economic security, technological competitiveness, and critical infrastructure resilience is profound. The systematic theft of intellectual property directly harms U.S. producers and consumers, degrading the competitiveness and long-term health of American companies and industries [7]. Chinese efforts to threaten the functionality of U.S. space assets, air traffic control, railroad systems, power plants, and telecommunications are considered an “existential threat” [2]. Disruptions in these sectors could impede military mobilization and daily life, leading to long-lasting consequences [2]. The pre-positioning of malware and the potential for physical sabotage directly undermine military readiness and the stable functioning of essential services, posing a significant national security risk [2].

China’s “whole-of-society” approach to cyber operations and its discernible shift towards pre-positioning capabilities for kinetic effects are particularly concerning. China’s cyber strategy is not merely a collection of isolated hacking incidents but a coordinated national effort, involving government, military, and state-directed private sector entities [7]. The evolution from traditional intellectual property theft, primarily for economic gain, to actively implanting malware for disruptive attacks during a crisis [2] indicates a more aggressive and potentially escalatory posture. This means China is constructing a formidable cyber arsenal capable of delivering “strategic surprise” [2] that could be activated rapidly, presenting a substantial challenge to U.S. deterrence strategies. The integration of cyber capabilities with the potential for physical sabotage [16] further complicates defensive and response planning. In the context of the “trade war,” this cyber dimension amplifies economic competition, as the ability to disrupt an adversary’s economic and military backbone through cyber means becomes a critical factor in global power dynamics. U.S. policy must therefore prioritize hardening critical infrastructure, improving intelligence sharing, and developing clear red lines and response frameworks for cyberattacks that could have real-world, kinetic consequences.

6. Cross-Cutting Themes and Policy Implications

An analysis of cyber threats from state and non-state actors reveals several cross-cutting themes and significant policy implications for the United States.

Commonalities in Threat Actors’ Approaches

A consistent pattern across all major state actors (Iran, Russia, China) and even sophisticated non-state actors (transnational criminal organizations, financially motivated cyber criminals) is the targeting of critical infrastructure. Adversaries recognize that disrupting these sectors can have cascading impacts on U.S. industries, the economy, and public safety [2]. Another pervasive characteristic is the exploitation of fundamental cybersecurity hygiene gaps, such as “poorly secured networks,” “outdated software,” and the use of “default or common passwords” [5]. This highlights a shared vulnerability that adversaries consistently leverage. Furthermore, information manipulation and psychological warfare are increasingly prominent. Russia’s extensive disinformation campaigns [11] and Iran’s use of cyber operations for “psychological warfare” [5] underscore the growing importance of the information domain in geopolitical competition. Fundamentally, cyber operations offer a cost-effective means for adversaries to challenge U.S. interests, allowing them to achieve strategic objectives while largely avoiding direct military confrontation [1].

The Blurring Lines Between State-Sponsored and Non-State Cyber Activity

The distinction between state-affiliated hacktivists and government-controlled actors, as seen with Iran [1], or criminal groups “loosely sponsored by the Russian government” [13], significantly complicates attribution and response efforts. This creates a strategic ambiguity, often referred to as a “grey zone” of cyber conflict. In this environment, ambiguous attribution makes traditional deterrence strategies, which rely on clear identification of the aggressor for a proportionate response, exceedingly difficult. If the U.S. cannot definitively attribute an attack to a specific state, its ability to respond effectively—whether through sanctions, counter-cyber operations, or diplomatic pressure—is hampered. This ambiguity can potentially embolden adversaries, allowing them to conduct continuous, low-level attacks without triggering a major escalation. Consequently, U.S. policy requires the development of more sophisticated attribution capabilities and flexible response options that can address actions within this grey zone. This includes public naming-and-shaming, fostering collective defense with allies, and working to establish robust international norms against malicious cyber activity, even when direct state sponsorship is challenging to prove.

Psychological and Economic Impacts of Cyber Threats

Beyond direct technical disruption, cyberattacks are increasingly designed to achieve broader psychological and economic objectives. These operations aim to induce “societal panic” [7], cause significant “financial losses” [5], and create widespread “economic disruption, confusion, and fear” [1]. The economic toll is substantial; for instance, the theft of intellectual property and trade secrets by China alone costs the U.S. economy hundreds of billions of dollars annually [14].

Challenges for U.S. Defense and Deterrence Strategies

The pervasive nature of “Ubiquitous Technical Surveillance” (UTS)—the widespread availability of data and commercial technology—makes it easier for even less sophisticated actors to exploit vulnerabilities, posing what some U.S. officials describe as “existential” risks to national security [9]. Compounding this challenge is a significant cybersecurity workforce gap within the U.S., which exacerbates vulnerabilities to sophisticated intrusions [15]. Furthermore, internal government audits have revealed that the FBI’s response to UTS threats has been “disjointed and inconsistent,” highlighting a critical need for improved coordination and clearer lines of authority within and between federal agencies [8]. Finally, the increasing prevalence of “warrant-proof” encryption presents a challenge for law enforcement agencies, hindering their ability to obtain electronic evidence crucial for investigating cyber-enabled crimes and national security threats [18].

The following table provides a structured overview of actor-specific cyber tactics and notable incidents between 2020 and 2025, demonstrating the diverse methods employed by adversaries.

| Actor | Key Cyber Tactics | Notable Incidents (2020-2025) |
| --- | --- | --- |
| Iran | DDoS campaigns, ransomware, exploiting outdated software/default passwords, intelligence collection (spear-phishing), psychological warfare. | June 2025 advisories on heightened threats to critical infrastructure; targeting of water utilities (late 2023); compromise of email account linked to former U.S. President’s campaign (June 2024); attacks on banks, defense contractors, oil companies (post-U.S. strikes) [1]. |
| Transnational Criminal Organizations | Ubiquitous Technical Surveillance (UTS), mobile phone exploitation, infiltration of public camera systems, informant tracking. | Sinaloa cartel hired “cybersnoop” to track FBI official, obtain call/geolocation data, and use information to intimidate/kill informants (2018 or earlier, revealed 2025 audit); ransomware attacks on U.S. healthcare payment processor (mid-2024) and water utilities (Oct 2024) [7]. |
| Russia | Disruptive/destructive malware, disinformation campaigns, generative AI for influence operations, pre-positioning on critical infrastructure. | Power grid disruptions in Ukraine (2015, 2016); massive coordinated attacks on Ukrainian government/financial/satellite networks (pre-2022 invasion); ongoing anti-Ukraine narratives laundered into U.S. audiences (e.g., Storm-1516); fake videos targeting U.S. political figures (late 2024) [3]. |
| China | Economic espionage, intellectual property theft, pre-positioning malware (Volt Typhoon, Salt Typhoon), LLMs for deception, potential physical sabotage. | “Volt Typhoon” implanting malware in U.S. water/power systems (2024 revelations); “Salt Typhoon” breaching U.S. telecoms (2024 revelations); over 60 CCP-related espionage cases in U.S. (Feb 2021-Dec 2024) [2]. |

The following table details the various impacts of these cyber operations on key U.S. critical infrastructure sectors and broader policy areas.

| Impact Area | Specific Impact/Consequence | Relevant Actors |
| --- | --- | --- |
| Critical Infrastructure | Disruptions to water, power, telecommunications, transportation, and financial systems; pre-positioning for future sabotage. | Iran, Russia, China, Transnational Criminal Organizations [2]. |
| Economic Security | Theft of intellectual property and trade secrets; financial losses; degradation of U.S. industrial competitiveness. | China, Transnational Criminal Organizations [1]. |
| Law Enforcement | Compromised investigations; intimidation and killing of informants; vulnerabilities in agency operational security. | Transnational Criminal Organizations [8]. |
| Democratic Processes | Undermining public trust in institutions; influencing elections; erosion of support for U.S. foreign policy. | Russia, China, Iran [7]. |
| National Security | Existential threat from ubiquitous technical surveillance; interference with military deployment; potential for kinetic effects from cyberattacks. | China, Russia, Transnational Criminal Organizations [2]. |

7. Conclusion: Strengthening U.S. Cyber Resilience and Deterrence

The United States confronts a complex and dynamically evolving cyber threat environment, characterized by the persistent actions of sophisticated state actors driven by geopolitical ambitions and non-state actors seeking operational advantage or financial gain. This analysis underscores the critical need for a multi-faceted and adaptive policy response to safeguard national interests.

To strengthen U.S. cyber resilience and deterrence, several key policy imperatives emerge:

  • Enhanced Resilience: It is paramount to continuously harden critical infrastructure and significantly improve cybersecurity hygiene across all sectors, both public and private. This involves addressing known vulnerabilities such as outdated software and weak authentication practices, which adversaries routinely exploit.
  • Proactive Deterrence: Developing clear red lines for unacceptable cyber behavior, coupled with improved attribution capabilities, is essential. The U.S. must be able to confidently identify aggressors and communicate the consequences of malicious cyber activity to deter future attacks.
  • Integrated Response: Fostering seamless collaboration between intelligence agencies, law enforcement, military commands, and private sector entities is crucial. The establishment of unique hubs and joint task forces, such as the National Cyber Investigative Joint Task Force (NCIJTF), exemplifies this necessary team approach to defend networks and impose consequences on adversaries [18].
  • Addressing Internal Vulnerabilities: Continuous auditing and improvement of government agencies’ own cyber defenses and information security practices are vital. Lessons from past incidents, such as the FBI’s challenges with Ubiquitous Technical Surveillance, highlight the importance of robust internal security protocols and consistent training [8].
  • International Cooperation: Strengthening partnerships with allies is indispensable for sharing intelligence, coordinating defensive and offensive responses, and collectively working to establish and enforce international norms for responsible state behavior in cyberspace.
  • Public Awareness: Educating the public on cyber risks, including the sophisticated tactics of disinformation campaigns, is critical to building societal resilience against foreign malign influence operations.

By embracing these measures, the United States can enhance its ability to detect, defend against, and respond to the diverse and evolving cyber threats that seek to challenge its policies and undermine its security.

References

  • AP.org. “After Trump’s win, Russian disinformation aims to drive a wedge between the US and Ukraine,” December 5, 2024. [12]
  • APNews.com. “Iranian-backed hackers go to work after US strikes,” (Implied recent date, post-US strikes). [1]
  • Checkpoint.com. “Live Cyber Threat Map.” [20]
  • CTVNews.ca. “Mexican drug cartel used hacker to track FBI official, then killed potential informants, U.S. government audit says,” June 28, 2025. [9]
  • CyberScoop. “Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report,” June 28, 2025. [10]
  • Cybersecurity Dive. “US government warns of new Iran-linked cyber threats on critical infrastructure,” June 30, 2025. [5]
  • DHS.gov. “2025 Homeland Threat Assessment,” September 30, 2024. [17]
  • DHS.gov. “National Terrorism Advisory System Bulletin,” June 22, 2025. [4]
  • FBI.gov. “Executive Summary China: The Risk to Corporate America,” September 11, 2020. [14]
  • FBI.gov. “Investigate Cyber.” [18]
  • FSI.Stanford.edu. “Russian Cyber Operations Against Ukrainian Critical Infrastructure,” May 11, 2023. [13]
  • IC3.gov. “Welcome to the Internet Crime Complaint Center.” [21]
  • ICE.gov. “Combating Transnational Crime.” [22]
  • Intelligence.gov. “Annual Threat Assessment of the U.S. Intelligence Community.” [23]
  • Intelligence.senate.gov. “2025 Annual Threat Assessment of the U.S. Intelligence Community,” March 2025. [7]
  • IndustrialCyber.co. “House Committee report highlights growing threat of Chinese cyber espionage, intellectual property theft,” February 14, 2025. [15]
  • Microsoft.com/on-the-issues. “Russian US election interference targets support for Ukraine after slow start,” April 17, 2024. [11]
  • NSA.gov. “Press Release,” June 30, 2025. [6]
  • RAND.org. “Could China’s U.S. Spies Conduct Physical Sabotage in a Conflict?” April 11, 2025. [16]
  • Stratcomcoe.org. “Nato-Cyber-Report,” June 11, 2021. [3]
  • The Register. “Drug lords hired cybersnoop to ID and kill FBI informants,” June 30, 2025. [8]
  • USIP.org. “The Element of Surprise: Space and Cyber Warfare in U.S.-China Rivalry,” June 18, 2025. [2]
  • USNI.org. “2025 Annual Threat Assessment of the U.S. Intelligence Community,” March 26, 2025. [24]

Works cited

  1. Iranian-backed hackers go to work after US strikes, accessed June 30, 2025, https://apnews.com/article/iran-trump-cybersecurity-hacking-9009bff8425d97366e9423b50fb52edf
  2. The Element of Surprise: Space and Cyber Warfare in U.S.-China Rivalry | United States Institute of Peace, accessed June 30, 2025, https://www.usip.org/publications/2025/06/element-surprise-space-and-cyber-warfare-us-china-rivalry
  3. RUSSIA’S STRATEGY IN CYBERSPACE – NATO Strategic Communications Centre of Excellence, accessed June 30, 2025, https://stratcomcoe.org/cuploads/pfiles/Nato-Cyber-Report_11-06-2021-4f4ce.pdf
  4. National Terrorism Advisory System Bulletin – June 22, 2025 …, accessed June 30, 2025, https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025
  5. US government warns of new Iran-linked cyber threats on critical infrastructure, accessed June 30, 2025, https://www.cybersecuritydive.com/news/iran-cyberattacks-warning-us-government-israel-war/751963/
  6. NSA, CISA, FBI, and DC3 Warn Iranian Cyber Actors May Target …, accessed June 30, 2025, https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4229506/nsa-cisa-fbi-and-dc3-warn-iranian-cyber-actors-may-target-vulnerable-us-network/
  7. The Annual Threat Assessment of the U.S. Intelligence Community, accessed June 30, 2025, https://www.intelligence.senate.gov/sites/default/files/2025%20Annual%20Threat%20Assessment%20of%20the%20U.S.%20Intelligence%20Community.pdf
  8. Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants – The Register, accessed June 30, 2025, https://www.theregister.com/2025/06/30/sinaloa_drug_cartel_hired_cybersnoop/
  9. Mexican drug cartel used hacker to track FBI official, then killed potential informants, U.S. government audit says – CTV News, accessed June 30, 2025, https://www.ctvnews.ca/world/article/mexican-drug-cartel-used-hacker-to-track-fbi-official-then-killed-potential-informants-us-government-audit-says/
  10. Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report, accessed June 30, 2025, https://cyberscoop.com/hacker-helped-kill-fbi-sources-witnesses-in-el-chapo-case-according-to-watchdog-report/
  11. Russian US election interference targets support for Ukraine after slow start – Microsoft On the Issues, accessed June 30, 2025, https://blogs.microsoft.com/on-the-issues/2024/04/17/russia-us-election-interference-deepfakes-ai/
  12. After Trump’s win, Russian disinformation aims to drive a wedge between the US and Ukraine | The Associated Press, accessed June 30, 2025, https://www.ap.org/news-highlights/spotlights/2024/after-trumps-win-russian-disinformation-aims-to-drive-a-wedge-between-the-us-and-ukraine/
  13. Russian Cyber Operations Against Ukrainian Critical Infrastructure | FSI, accessed June 30, 2025, https://fsi.stanford.edu/sipr/russian-cyber-operations-against-ukrainian-critical-infrastructure
  14. executive summary china: the risk to corporate america – FBI, accessed June 30, 2025, https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf
  15. House Committee report highlights growing threat of Chinese cyber espionage, intellectual property theft, accessed June 30, 2025, https://industrialcyber.co/critical-infrastructure/house-committee-report-highlights-growing-threat-of-chinese-cyber-espionage-intellectual-property-theft/
  16. Could China’s U.S. Spies Conduct Physical Sabotage in a Conflict? – RAND Corporation, accessed June 30, 2025, https://www.rand.org/pubs/commentary/2025/04/could-chinas-us-spies-conduct-physical-sabotage-in.html
  17. Homeland Threat Assessment 2025 – Homeland Security, accessed June 30, 2025, https://www.dhs.gov/sites/default/files/2024-10/24_0930_ia_24-320-ia-publication-2025-hta-final-30sep24-508.pdf
  18. Cybercrime – FBI, accessed June 30, 2025, https://www.fbi.gov/investigate/cyber
  19. CyberScoop | Breaking Cybersecurity News, Public Sector Threats, accessed June 30, 2025, https://cyberscoop.com/
  20. Live Cyber Threat Map | Check Point, accessed June 30, 2025, https://threatmap.checkpoint.com/
  21. Home Page – Internet Crime Complaint Center (IC3), accessed June 30, 2025, https://www.ic3.gov/
  22. Transnational Gangs – ICE, accessed June 30, 2025, https://www.ice.gov/about-ice/hsi/investigate/transnational-gangs
  23. Annual Threat Assessment of the U.S. Intelligence Community – INTEL.gov, accessed June 30, 2025, https://www.intelligence.gov/annual-threat-assessment
  24. 2025 Annual Threat Assessment of the U.S. Intelligence Community – USNI News, accessed June 30, 2025, https://news.usni.org/2025/03/26/2025-annual-threat-assessment-of-the-u-s-intelligence-community
