Cyberattacks Nearly Double During Government Shutdown
Since the government shutdown began on October 1st, cyberattacks targeting U.S. federal employees have surged 85%, according to data from The Media Trust, first reported by Dark Reading. With critical agencies paused, workers furloughed, and essential personnel continuing without pay, threat actors are taking full advantage of an unprecedented window of opportunity.
A Rapid Escalation of Threat Activity
New data from The Media Trust shows that federal networks and employees are on track to face more than 555 million cyberattacks in October, an 85% increase from September’s already elevated baseline. The surge began just before the shutdown and spiked immediately once operations were halted.
Unlike broad phishing campaigns, most of these incidents involve targeted attacks through websites, mobile applications, and digital advertising channels. Researchers emphasize that these interactions are designed to directly engage government workers, rather than simply blanket inboxes with generic spam.
Financial Strain Becomes an Attack Surface
Cybercriminals are exploiting the financial uncertainty facing thousands of unpaid government employees, deploying deceptive campaigns promising quick income, debt relief, or temporary employment. These schemes often lead to credential harvesting or malware infections, using emotional and financial distress as leverage.
The risks extend beyond the shutdown itself. An employee compromised at home today could later reintroduce malicious software or stolen credentials into federal systems once normal operations resume. These delayed threats create the potential for long-term infiltration and lateral movement across agency networks.
VA and DOJ Face the Heaviest Pressure
The Media Trust reports that the Department of Veterans Affairs (VA) and Department of Justice (DOJ) have been the most heavily targeted agencies during the first weeks of October. Both maintain high percentages of essential staff, 96.8% at the VA and 90% at the DOJ, who continue working despite the shutdown. Reduced morale, unpaid labor, and minimal staffing combine to create ideal conditions for mistakes and overlooked indicators of compromise.
While the White House has advised agencies to maintain cybersecurity operations to protect federal property, the majority of the Cybersecurity and Infrastructure Security Agency (CISA) workforce remains furloughed. With so many defenders offline and critical agencies stretched thin, the shutdown’s true cost may be measured not in today’s incidents, but in the vulnerabilities that go unnoticed for months.
Long-Term Fallout Beyond the Shutdown
Experts warn that the damage from this shutdown may outlast the immediate disruption. Extended downtime slows modernization projects, interrupts vulnerability management cycles, and leaves critical systems exposed. The shutdown also erodes trust between agencies and employees, particularly as federal workers question the stability of their roles.
Recruiting and retaining cybersecurity professionals in government has been a persistent challenge, and the current instability is likely to deepen that talent gap. In parallel, the expiration of key cybersecurity legislation, such as the Cybersecurity Information Sharing Act of 2015 (CISA 2015) and the State and Local Cybersecurity Grant Program (SLCGP), further weakens coordination between agencies and private sector partners.
Combined, these pressures are eroding the resilience of federal cybersecurity at a structural level. The attacks happening today may be visible in numbers, but the greater risk lies in what is taking root quietly: compromised credentials, delayed response, and an accelerating loss of institutional trust that will persist long after the shutdown ends.
