The U.S. Defense Intelligence Agency’s 2025 Worldwide Threat Assessment lays out a stark view of an evolving global threat landscape shaped by an increasingly complex national security threat environment. Apart from traditional military modernization, developments in artificial intelligence (AI), biotechnology, quantum sciences, microelectronics, space, cyber, and unmanned systems rapidly transform the nature of conflict and the global threat landscape. The DIA 2025 Threat Assessment report highlights that adversaries are deepening cooperation, often lending military, diplomatic, and economic support to each other’s conflicts and operations, to circumvent the nation’s instruments of power.
The report also identified that transnational criminal organizations and terrorist groups are exploiting geostrategic conditions to evade authorities. Advanced technology enables foreign intelligence services to target U.S. personnel and activities in new ways. The rapid pace of innovation will only accelerate in the coming years, continually generating means for adversaries to threaten national interests.
“The U.S. Homeland faces an array of threats emanating from strategic competitors and non-state entities seeking to erode U.S. competitive advantage or target U.S. citizens,” according to the DIA’s 2025 Worldwide Threat Assessment. “Our adversaries are developing long-range and novel missile capabilities to target the Homeland, and continue to seek new avenues to threaten our cyber networks and critical infrastructure.”
PLA reorganization signals China’s focus on cyber, space warfare
The DIA 2025 Worldwide Threat Assessment report disclosed that China announced it had realigned the PLA’s Aerospace Force, Cyberspace Force, Information Support Force, and Joint Logistic Support Force directly under the Central Military Commission, which includes President Xi Jinping and other top military leaders. The realignment reinforces the importance PLA leaders place on space, cyberoperations, and EW as asymmetric weapons to paralyze adversaries’ information systems during a conflict.
It identified that China’s space-related activities aim to erode U.S. space superiority and exploit a perceived U.S. reliance on space-based systems to deter and counter intervention in a regional military conflict.
“The move China is investing in space systems that enhance its own Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Reconnaissance, and Targeting (C5ISRT) capabilities,” the DIA 2025 Worldwide Threat Assessment added. “China will continue to launch a variety of satellites that substantially enhance its intelligence, surveillance, and reconnaissance (ISR) capabilities; field advanced communications satellites able to transmit large amounts of data; improve its space-based positioning, navigation, and timing capabilities; and deploy new weather and oceanographic satellites.”
The DIA 2025 Worldwide Threat Assessment mentioned that China-led cyberintrusions, including those by the PLA Cyberspace Force and the Ministry of State Security, are targeting information networks around the world, including U.S. government systems, to steal intellectual property and data, and develop access into sensitive networks. “China very likely will continue to use its cyberspace capabilities to support intelligence collection against U.S. academic, economic, military, and political targets and to exfiltrate sensitive information from defense infrastructure and research institutes to gain economic and military advantage.”
It pointed out that since early 2024, the U.S. government has publicly identified efforts by China’s cyber actors to pre-position for cyberattacks on U.S. critical infrastructure. China probably would use its access to attack these systems if it viewed a major conflict with the U.S. as imminent.
Russian hackers target US critical infrastructure while avoiding direct clash
Moving to Russia, the DIA 2025 Worldwide Threat Assessment observed that despite Western provision of lethal aid to Ukraine, Russia almost certainly seeks to avoid direct conflict with NATO because it assesses that it cannot win a conventional military confrontation with the alliance. “However, Moscow remains fully capable of employing asymmetric capabilities against the United States and allies, including cyber and information campaigns, and ultimately possesses an existential threat capability with its strategic nuclear forces that can range the U.S. Homeland.”
Russian state and non-state cyber actors have maintained a high volume of offensive cyberoperations against U.S.-associated target networks. State-sanctioned cyber operations have seemingly prioritized cyberespionage over cyberattacks, targeting sensitive data and intellectual property. For example, between 2023 and 2024, a hacking group attributed to the Russian Foreign Intelligence Service (SVR) exfiltrated terabytes of data from Microsoft’s corporate email system, including correspondence, credentials, and passwords for U.S. government accounts.
Since 2023, this activity has increasingly included pro-Russian non-state cyber hackers conducting cyberattacks against U.S. critical infrastructure. The Cyber Army of Russia Reborn group conducted numerous low-level cyberattacks against U.S. water and energy infrastructure. These cyberattacks against critical infrastructure threaten U.S. national security, economic progress, and public health and safety by potentially disrupting access to water, electricity, gas, and other key utilities.
The DIA 2025 Worldwide Threat Assessment said that since at least January last year, pro-Russian saboteurs have been linked to various arson, sabotage, and assassination plots against military and civilian targets in Europe, in a continued effort to undermine Western cohesion and support to Ukraine. Russia probably views a direct escalation against NATO as counterproductive to its war aims while the overall battlefield slowly trends in its favor, and will instead continue using covert action, information operations, cyber, and proxies in response to Western support for Ukraine.
North Korea exploits cybercrime networks, as Iran escalates regional attacks
The report found that North Korea continues to weaponize cyberspace for profit and espionage. Its cyber operators engage in cryptocurrency theft, ransomware, and hacking-for-hire schemes to generate revenue that circumvents international sanctions.
Beyond financial gain, North Korea has expanded its cyber operations to target foreign officials, academics, and defense and aerospace sectors, likely in pursuit of intelligence on adversary capabilities and policies. These operations also support its weapons development programs. North Korean cyber hackers often work with foreign criminal networks to act as third-party enablers, helping them carry out operations and mask their involvement.
The DIA 2025 Worldwide Threat Assessment noted that during the past year, Iran has also increased cyberattacks, cyberespionage, and information operations against Israel while supporting regional proxies and partners to conduct UAV and missile attacks against Israeli territory.
