According to a recent threat intelligence assessment by the Insikt Group, domestic violent extremists (DVEs) operating within the United States pose a growing and evolving risk to both public and private sector organizations. Over the next twelve months, the predominant threats from these actors are expected to take the form of targeted attacks against individuals and sabotage of critical facilities—tactics that reflect a shift away from mass-casualty events toward more calculated and disruptive actions.
Targeted Attacks on Personnel: A Tactical Shift
Insikt’s report underscores an emerging trend among DVEs: a focus on individual targets rather than indiscriminate violence. Attackers are becoming more strategic, selecting specific individuals—often government officials, public figures, or members of marginalized communities—as symbols of perceived opposition to their ideological beliefs.
These types of attacks are frequently encouraged within extremist online forums, where successful incidents are glorified and promoted as effective forms of resistance. This tactic allows extremists to generate significant impact and fear while requiring fewer resources than large-scale operations. As a result, targeted violence now represents one of the most likely threats in the coming year.
Facility Sabotage: Infrastructure as a Battlefield
In addition to targeting personnel, DVEs are expected to increasingly pursue acts of sabotage against physical infrastructure and critical facilities. This includes attacks on utilities, defense contractors, healthcare providers, and financial institutions—as well as buildings used by federal, state, and local governments.
These actions are often ideologically driven and aim to erode public confidence, disrupt essential services, or retaliate against perceived injustices. The targets are chosen not only for their symbolic value but also for their operational significance, making sabotage a potentially high-impact tactic for both ideological statement and strategic disruption.
Sectors and Communities at Elevated Risk
Based on current threat indicators, several sectors and population groups may face elevated risk levels:
- Government agencies at all levels, including law enforcement, judiciary, and elected officials
- Critical infrastructure sectors, including energy, healthcare, and finance
- Defense and technology companies, particularly those under government contract
- Minority communities, including racial, ethnic, religious, LGBTQIA+ individuals, and others frequently targeted by extremist rhetoric
Enabling Behaviors and Precursor Activities
While full-scale attacks pose the greatest risk, the Insikt Group emphasizes a wide spectrum of enabling activities that often precede or accompany violent extremism. These include:
- Online threats and radicalization
- Surveillance and reconnaissance efforts
- Stalking, harassment, and doxing of potential targets
- Disruptive demonstrations and false emergency reports (swatting)
Such behaviors may serve as early indicators of planned attacks and warrant continued monitoring by security professionals and threat intelligence teams.
Strategic Implications for 2025
The year ahead is expected to bring increased operational agility from domestic extremist actors. Many will continue to act alone or within small, decentralized networks—fueled by online propaganda and disinformation campaigns—which makes preemptive detection and interdiction more difficult.
Accordingly, law enforcement agencies, public institutions, and private sector entities are strongly encouraged to adopt proactive measures, such as:
- Enhancing physical and cyber threat protections
- Implementing threat awareness and reporting protocols for personnel
- Monitoring for early warning signs of hostile intent or planning activity
- Collaborating across sectors to share intelligence and harden vulnerable targets
