U.S. states hit in 2025 campaigns

Major cyberattacks hit state and local government systems in at least 44 U.S. states during 2025, according to a House Homeland Security Committee threat snapshot released on October 31, 2025. (homeland.house.gov 1) (homeland.house.gov 2) The committee said the incidents stretched from St. Paul, Minnesota, to Mission, Texas, and came as cyber information-sharing authorities and a federal state grant program were lapsing in Washington. (homeland.house.gov) (therecord.media) St. Paul became one of the clearest examples on July 29, 2025, when Mayor Melvin Carter declared a local state of emergency after a cyberattack forced the city to shut down information systems. Gov. Tim Walz activated the Minnesota National Guard the same day, saying the city’s response capacity had been exceeded. (kstp.com) City officials later said the attack was ransomware. BleepingComputer reported that the Interlock gang claimed responsibility and said it had stolen more than 66,000 files totaling 43 gigabytes, though Mayor Carter said St. Paul did not pay a ransom. (bleepingcomputer.com) (stpaul.gov) St. Paul said public safety systems stayed operational, but online payments, library internet access, permitting tools, phones and other city services were disrupted for weeks. The city said on April 1, 2026, that it expected full restoration soon after restoring more than 75% of systems by October 22, 2025. (stpaul.gov) The 44-state figure does not mean one coordinated hack hit every state at once. The House snapshot described a year in which separate attacks by criminal and state-linked actors repeatedly struck public-sector networks across the country. (homeland.house.gov) Federal agencies have drawn a separate warning about Chinese state-backed groups that quietly burrow into infrastructure and wait. In a February 2024 advisory, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency said Volt Typhoon was seeking to pre-position inside U.S. critical infrastructure for disruptive or destructive attacks during a crisis. (cisa.gov 1) (cisa.gov 2) CISA and international partners issued another advisory on September 3, 2025, saying China-linked actors were compromising telecommunications, government, transportation, lodging and military infrastructure networks worldwide and modifying routers to keep long-term access. (cisa.gov) Congressional Republicans tied the 2025 state and local attacks to the lapse of the Cybersecurity Information Sharing Act of 2015 and the end of the State and Local Cybersecurity Grant Program on October 1, 2025. The Record reported the grant program had provided $1 billion to states and localities. (therecord.media) (route-fifty.com) The through line is that one set of attacks caused immediate outages in cities and counties, while another set aimed to sit quietly inside networks until a future confrontation. St. Paul showed what the visible kind looks like when local government has to pull systems offline to keep essential services running. (kstp.com) (stpaul.gov)