People's Republic of China Threat Overview and Advisories
CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Chinese State-Sponsored cybersecurity risks.
CISA works to ensure U.S. critical infrastructure organizations, government entities, and other partners have the information and guidance to defend themselves against People’s Republic of China (PRC) state-sponsored cybersecurity risks.
Threat Environment
The 2025 Annual Threat Assessment of the U.S. Intelligence Community by the Office of the Director of National Intelligence highlights the persistent cyber threats posed by the People's Republic of China (PRC) to U.S. government, private-sector, and critical infrastructure networks. PRC-linked cyber actors, such as Volt Typhoon and Salt Typhoon, exhibit tactics and target selection that extend beyond traditional cyber espionage or intelligence-gathering operations.
CISA, NSA, and FBI assess that PRC actors are positioning themselves within information technology networks, enabling lateral movement to operational technology systems—the hardware and software that control critical infrastructure. This positioning allows them to disrupt critical functions at a time of their choosing. A recent breach of U.S. telecommunications infrastructure by PRC actors underscores the growing scope and sophistication of PRC cyber capabilities. CISA continues to address a wide range of PRC state-sponsored cybersecurity threats.
Collaboration in Action
CISA is actively countering the evolving cyber threats posed by PRC state-sponsored actors through strategic initiatives to strengthen the defense of U.S. critical infrastructure. By working closely with U.S. government agencies, international partners, and industry stakeholders, CISA is fostering a more secure cyberspace, making it increasingly difficult for PRC threat actors to execute large-scale compromises.
Key CISA initiatives to actively strengthen defenses against PRC-affiliated cyber threat actors include:
- Facilitating public-private collaboration to leverage private sector partner visibility and capabilities, collectively defending against PRC-affiliated cyber threat actors by hardening network edge devices.
- Providing cybersecurity capabilities, services, and tools to address the most pressing and prevalent threats.
- Partnering to investigate and mitigate zero-day and n-day exploitation of network edge devices by sophisticated PRC-affiliated cyber threat actors.
- Strengthening cloud infrastructure on a large scale.
- Collaborating with Sector Risk Management Agencies and critical infrastructure owners/operators to address sector-specific challenges, including those affecting the nation's pipeline infrastructure, aviation sector, and water/wastewater sector.
CISA and Joint CISA Advisories
Review China-specific advisories here.
Countering Chinese State-Sponsored Actors
This advisory was crafted in response to PRC state-sponsored APT actors exploiting vulnerabilities in backbone telecommunications infrastructure to establish long-term, covert access to sensitive systems.
Key Resources
Defending Against Nation-State Cyber Threats
Find more information on nation-state adversaries and related resources.
Physical Security
Find preventative and protective strategies to strengthen physical security.
Securing Public Gatherings
Find more information on mitigating security risks associated with public gatherings.
CISA Voluntary Cyber Incident Reporting
This resource is designed to help entities that may be considering voluntarily reporting cyber incidents understand “who” CISA recommends report an incident, “why and when” CISA recommends they report, as well as “what and how to report.”