Third Quarter 2025 DCISE Findings

On a quarterly basis, the Defense Industrial Base Collaborative Information Sharing Environment (DCISE) shares results that DIB members voluntarily report regarding cyber incidents. The most recent report is for the third quarter of 2025 (July-September), and the report indicates that threats to DIB companies continue to accelerate and evolve.

Although the report identifies many concerning trends, it also helps organizations that need to comply with CMMC to establish what kinds of threats they need to defend against. Furthermore, it illustrates how to integrate cyber defense throughout the organization to protect the Controlled Unclassified Information that forms the basis of the CMMC framework.

Here are some key takeaways from the 3rd Quarter 2025 DCISE DIB-reported Cyber threats summary.

Phishing has evolved

Phishing is when someone hacks into a system, offers falsified credentials, and then breaches that organization’s cybersecurity environment.
The DOD Cyber Crime Center (DC3) identifies:

  • Voice phishing and deepfakes
  • AI-enabled personalized phishing
  • QR-code phishing (“quishing”)
  • Smishing (SMS phishing)
  • Employment-themed lures
  • Brand impersonation

AI-driven personalization and deepfake voice impersonation make phishing efforts more believable. That means basic awareness training once per year is no longer sufficient.

From a CMMC perspective, this elevates the importance of:

  • Continuous security awareness training
  • Strong email filtering and domain monitoring
  • MFA across all external services
  • Conditional access controls
  • User behavior monitoring

If your phishing resilience strategy hasn’t been updated to account for AI-assisted attacks, you are defending against yesterday’s threat model.

Ransomware Is Fluctuating

Ransomware is malicious software that infiltrates a system and demands a cryptocurrency ransom. The report notes:

  • 5% of CY25 Q3 mandatory reports involved ransomware
  • Ransomware reporting increased 56% from Q2 to Q3

The percentage may appear lower than previous quarters, but the quarter-over-quarter increase is the real signal. Ransomware remains a persistent DIB problem.

Variants of ransomware DIB organizations reported in Q3 include:

Akira, BlackCat, Play, Qilin, World Leaks, and others

Under CMMC Level 2, you must demonstrate:

  • Incident detection capability
  • Logging and monitoring
  • Backup integrity and recovery procedures
  • Incident response planning and testing

Ransomware is no longer a “prevent-only” scenario. Assessors will expect to see resilience and recovery planning, not just perimeter defense.

Nation-State Supply Chain Targeting Is Intensifying

Q3 highlights continued activity by bad actors including Silk Typhoon and Salt Typhoon, targeting:

  • Cloud environments
  • Trusted relationships
  • Domain registration infrastructure
  • Command and control channels

Silk Typhoon was specifically noted for leveraging trusted cloud relationships and supply chain access paths. This has direct CMMC implications because CMMC is not just about internal systems. It touches:

  • Third-party service providers
  • Cloud shared responsibility models
  • Identity federation
  • Vendor access pathways
  • Secure configuration of SaaS platforms

If you rely heavily on cloud and managed services, you must be able to demonstrate governance over those relationships.

Zero-Day Exploitation Demands Mature Patch Governance

A zero-day attack means the bad actor finds a vulnerability before anyone can patch the weak point. Q3 documents active exploitation of:

  • Microsoft SharePoint zero-days (“ToolShell”) affecting at least 54 organizations
  • VMware Tools privilege escalation vulnerabilities being exploited in the wild

These are enterprise-grade platforms used throughout the DIB.

CMMC assessors will examine:

  • How vulnerabilities are tracked
  • How quickly patches are deployed
  • Whether patching is risk-ranked
  • Whether exceptions are documented and approved

If your vulnerability management program is informal, spreadsheet-driven, or reactive, this report is your warning. Threat actors are exploiting widely deployed enterprise software at scale.

The Bottom Line for Contractors

This DC3 Q3 report is not just intelligence. It is alignment validation for CMMC, and it acts as a loud warning signal for all businesses and organizations in the DIB and beyond.

AI-enabled phishing, ransomware, supply chain compromise, zero-day exploitation, privilege escalation, and more all map directly to controls required under NIST SP 800-171 and enforced through CMMC Level 2.

Contractors who treat CMMC as documentation will struggle.

How is Your Cybersecurity Environment?

Now is the time to assess how your cybersecurity environment will perform once you are CMMC-certified or as you continue to maintain your certification. Use our CMMC Assessment Checklist to take initial steps in evaluating your cybersecurity stance. If you have questions, please contact Smithers today.
