The People’s Republic of China (PRC) poses the biggest cyber threat to the United States, according to the Annual Threat Assessment of the U.S. Intelligence Community.
The Office of the Director of National Intelligence (ODNI) published the 31-page report on Tuesday, which explains that the PRC will continue conducting cyber operations against U.S. targets “for both espionage and strategic advantage.”
“The PRC remains the most active and persistent cyber threat to U.S. government, private-sector, and critical infrastructure networks,” the report says.
“The PRC’s campaign to preposition access on critical infrastructure for attacks during crisis or conflict, tracked publicly as Volt Typhoon, and its more recently identified compromise of U.S. telecommunications infrastructure, also referred to as Salt Typhoon, demonstrates the growing breadth and depth of the PRC’s capabilities to compromise U.S. infrastructure,” it adds.
In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and other agencies issued an advisory warning that a PRC-affiliated threat actor Volt Typhoon had compromised multiple U.S. critical infrastructure organizations.
In October, a report from the Wall Street Journal revealed that Salt Typhoon – a PRC-affiliated threat actor – may have accessed the wiretapping systems that carriers AT&T, Verizon, and Lumen maintain for the benefit of law enforcement agencies.
CISA later confirmed the hack, noting the intrusion had targeted political figures, including then-presidential candidates Donald Trump and Kamala Harris, as well as then-vice presidential candidate JD Vance.
A report from CISA’s Cybersecurity Advisory Committee published late last year revealed that the U.S. Federal government and critical infrastructure entities are not equipped to withstand a cyber conflict with China.
This week’s threat assessment raises a similar concern, noting that China could leverage cyber operations to cause chaos in the United States.
“If Beijing believed that a major conflict with Washington was imminent, it could consider aggressive cyber operations against U.S. critical infrastructure and military assets,” the report says. “Such strikes would be designed to deter U.S. military action by impeding U.S. decision-making, inducing societal panic, and interfering with the deployment of U.S. forces.”
Tulsi Gabbard, the Director of National Intelligence, testified before Congress on Tuesday to discuss the report. She told lawmakers that cybercriminals are using a variety of tactics – including phishing, ransomware, and denial-of-service attacks – to disrupt U.S. systems and steal lucrative information.
“Ransomware actors last year, for example, attacked the largest payment processor for U.S. healthcare transactions, and another set of criminal actors conducted cyberattacks against U.S. water utilities,” Gabbard said.
“Some of these non-state cyber actors also operate as proxies for or emulate similar activities carried out by major state actors,” she added. “While these non-state cyber actors often seek financial and intellectual property gains, they also carry out cyber operations for espionage purposes, targeting our critical infrastructure.”
In addition to cybersecurity, the report also highlights China’s recent AI efforts. It notes that the country is experiencing a boom in generative AI “with the rapid emergence of a large number of PRC-developed models.”
Notably, the report says that “China almost certainly has a multifaceted, national-level strategy designed to displace the United States as the world’s most influential AI power by 2030.”
