The Office of the Director of National Intelligence (ODNI) identified in its 2025 Annual Threat Assessment of the U.S. intelligence community that Russia, China, Iran and North Korea, individually and collectively, are challenging U.S. interests in the world by attacking or threatening others in their regions, with asymmetric and conventional hard power tactics and promoting alternative systems to compete with the U.S., primarily in trade, finance, and security. The 2025 Threat Assessment report highlights that a wide range of foreign actors are targeting U.S. health and safety, critical infrastructure, industries, wealth, and government. It emphasizes that state adversaries and their proxies are also trying to weaken and displace U.S. economic and military power in their regions and across the globe.
The ODNI said in its report that a range of cyber and intelligence actors target wealth, critical infrastructure, telecom, and media. Nonstate groups are often enabled, both directly and indirectly, by state actors, such as China and India, as sources of precursors and equipment for drug traffickers. “State adversaries have weapons that can strike U.S. territory or disable vital U.S. systems in space for coercive aims or actual war. These threats reinforce each other, creating a vastly more complex and dangerous security environment.”
It added that both state and nonstate actors pose multiple immediate threats to the Homeland and U.S. national interests. “Terrorist and transnational criminal organizations are directly threatening our citizens. Cartels are largely responsible for the more than 52,000 U.S. deaths from synthetic opioids in the 12 months ending in October 2024 and helped facilitate the nearly three million illegal migrant arrivals in 2024, straining resources and putting U.S. communities at risk.”
The ODNI 2025 Threat Assessment report detailed financially motivated cyber criminals continue to prey on inadequately defended U.S. targets, such as healthcare systems and municipal governments, that could have a broad impact on the U.S. populace and economy. Others have conducted attacks on critical infrastructure, disrupting utility company business networks or manipulating poorly secured control systems.
In mid-2024, ransomware actors attacked the largest payment processor for U.S. healthcare transactions, hampering prescriptions and causing extended delays in accessing electronic health records, patient communications, and medication ordering systems and forcing some ambulances to divert patients to other hospitals. Also, U.S. water infrastructure has become a more common target.
Last October, criminal actors conducted cyber attacks against both large and small water utilities in the U.S., possibly inspired by attacks against water infrastructure by Russian hacktivists and Iranian cyber actors in 2023 that had little effect but drew substantial publicity.
The ODNI noted that the PRC remains the most active and persistent cyber threat to the U.S. government, private sector, and critical infrastructure networks. “The PRC’s campaign to preposition access on critical infrastructure for attacks during crisis or conflict, tracked publicly as Volt Typhoon, and its more recently identified compromise of U.S. telecommunications infrastructure, also referred to as Salt Typhoon, demonstrates the growing breadth and depth of the PRC’s capabilities to compromise U.S. infrastructure.”
It added that if Beijing believed that a major conflict with Washington was imminent, it could consider aggressive cyber operations against U.S. critical infrastructure and military assets. Such strikes would be designed to deter U.S. military action by impeding U.S. decision-making, inducing societal panic, and interfering with the deployment of U.S. forces.
The ODNI 2025 Threat Assessment report mentioned that China is using an aggressive, whole-of-government approach, combined with state direction of the private sector, to become a global S&T superpower, surpass the United States, promote self-reliance, and achieve further economic, political, and military gain. Beijing has prioritized technology sectors such as advanced power and energy, AI, biotechnology, quantum information science, and semiconductors, further challenging U.S. efforts to protect critical technologies by tailoring restrictions narrowly to address national security concerns.
“China is accelerating its S&T progress through a range of licit and illicit means, to include investments, intellectual property acquisition and theft, cyber operations, talent recruitment, international collaborations, and sanctions evasion,” the 2025 Threat Assessment report observed. “Some forecasts indicate China’s technology sectors will account for as much as 23 percent of its gross domestic product by 2026, more than doubling since 2018. In addition to private funding, the PRC government is investing hundreds of billions of dollars in priority technologies, such as AI, microelectronics, and biotechnologies, in pursuit of its self-reliance goals.”
It also recognized that China almost certainly has a multifaceted, national-level strategy designed to displace the United States as the world’s most influential AI power by 2030. China is experiencing a boom in generative AI with the rapid emergence of a large number of PRC-developed models and is broadly pursuing AI for smart cities, mass surveillance, healthcare, S&T innovation, and intelligent weapons.
The report expects that the PRC will likely continue posturing to be in a position of advantage in a potential conflict with the United States. The PRC will continue trying to press Taiwan on unification and will continue conducting wide-ranging cyber operations against U.S. targets for espionage and strategic advantage. China will likely struggle to constrain the activities of PRC companies and criminal elements that enable the supply and trafficking of fentanyl precursors and synthetic opioids to the United States, absent greater law enforcement actions.
Also, China’s military operations to project power over Taiwan and its efforts to assert sovereignty claims in the South and East China Seas occur routinely with confrontations that increase the concern of miscalculations potentially leading to conflict. China has demonstrated the ability to compromise U.S. infrastructure through formidable cyber capabilities that it could employ during a conflict with the U.S.
The ODNI 2025 Threat Assessment report detailed that Russia’s advanced cyber capabilities, its repeated success compromising sensitive targets for intelligence collection, and its past attempts to pre-position access on U.S. critical infrastructure make it a persistent counterintelligence and cyber attack threat. Moscow’s unique strength is the practical experience it has gained integrating cyber attacks and operations with wartime military action, almost certainly amplifying its potential to focus combined impact on U.S. targets in time of conflict.
Also, Russia has demonstrated real-world disruptive capabilities during the past decade, including gaining experience in attack execution by relentlessly targeting Ukraine’s networks with disruptive and destructive malware.
The report also observed that Russia continues to train its military space elements and field new anti-satellite weapons to disrupt and degrade U.S. and allied space capabilities. It is expanding its arsenal of jamming systems, directed energy weapons (DEWs), on-orbit counterspace capabilities, and ASAT missiles designed to target U.S. and allied satellites. Russia is using EW to counter Western on-orbit assets and continues to develop ASAT missiles capable of destroying space targets in LEO.
The ODNI 2025 Threat Assessment report identified that Russia will continue to be able to deploy anti-U.S. diplomacy, coercive energy tactics, disinformation, espionage, influence operations, military intimidation, cyberattacks, and gray zone tools to try to compete below the level of armed conflict and fashion opportunities to advance Russian interests.
It also mentioned that Iranian investment in its military has been a key plank of its efforts to confront diverse threats and try to deter and defend against an attack by the U.S. or Israel. Iran continues to bolster the lethality and precision of its domestically produced missile and UAV systems, and it has the largest stockpiles of these systems in the region. It considers them critical to its deterrence strategy and power projection capability, and Iran uses their sales to deepen global military partnerships. Iran’s growing expertise and willingness to conduct aggressive cyber operations also make it a major threat to the security of U.S. and allied and partner networks and data.
Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of U.S. networks and data. Guidance from Iranian leaders has incentivized cyber actors to become more aggressive in developing capabilities to conduct cyber attacks.
Iran often amplifies its influence operations with offensive cyber activities. During the Israel-HAMAS conflict, U.S. private industry tracked Iranian influence campaigns and cyber attacks. In June 2024, an IRGC actor compromised an email account associated with an individual with informal ties to then-former President Trump’s campaign and used that account to send a targeted spear-phishing email to individuals inside the campaign itself. The IRGC subsequently tried to manipulate U.S. journalists into leaking information illicitly acquired from the campaign.
“North Korea is funding its military development—allowing it to pose greater risks to the United States—and economic initiatives by stealing hundreds of millions of dollars per year in cryptocurrency from the United States and other victims,” the ODNI 2025 Threat Assessment report noted. “Looking forward, the North may also expand its ongoing cyber espionage to fill gaps in the regime’s weapons programs, potentially targeting defense industrial base companies involved in aerospace, submarine, or hypersonic glide technologies.”
The ODNI 2025 Threat Assessment report states that Iran has become a key military supplier to Russia, especially of UAVs, and in exchange, Moscow has offered Tehran military and technical support to advance Iranian weapons, intelligence, and cyber capabilities. “North Korea has sent munitions, missiles, and thousands of combat troops to Russia to support the latter’s war against Ukraine, justified as fulfilling commitments made in the Treaty on Comprehensive Strategic Partnership that Pyongyang and Moscow announced in June 2024.”
