The Office of the Director of National Intelligence’s Annual Threat Assessment 2026 makes clear that cyberspace is now a primary arena of conflict, with state and non-state actors actively targeting U.S. interests. Foreign cyber operations pose a direct and persistent threat to government and private-sector networks, as adversaries blend espionage, disruption, and influence into coordinated campaigns. Hacker groups linked to China, Russia, Iran, and North Korea, alongside ransomware groups, continue to threaten critical infrastructure at scale. These operations are deliberate and sustained, aimed at embedding access within key systems to enable disruption during periods of conflict or crisis.
The ODNI report assesses that these cyber adversaries can pre-position or execute disruptive and destructive attacks against U.S. critical infrastructure and other targets. They continue to pour resources into operations to compromise U.S. systems and core global IT resources.
China is the most active and persistent cyber threat to the U.S. government, private-sector, and critical infrastructure networks, while Russia poses a persistent, advanced cyber attack and foreign intelligence threat. Both countries are continuing their R&D and pre-positioning efforts to advance their premier cyber attack capabilities for use against the U.S. China has also shown its ability to compromise U.S. infrastructure through formidable cyber capabilities for both espionage and strategic advantage in the event of a conflict.
Meanwhile, Iran poses a threat to U.S. networks and critical infrastructure in the form of cyber espionage and cyber attacks. Iran’s cyber operators have previously used cyber attacks effectively against poorly defended targets and weaker opponents, such as Albania.
“Iran maintains a persistent intent to target the U.S. and its allies and partners with cyber operations despite the challenges it faced most recently on display during the 12-Day War in 2025, during which Tehran struggled to defend itself against Israeli cyber attacks and to respond in kind,” the ODNI reported. “We note that Iranian proxies and hacktivists outside of Iran will also seek cyber-enabled operations against U.S. targets but these probably will be less technically advanced. On 11 March, a hacking group linked to Iran claimed responsibility for a cyber attack against a U.S. medical technology company in retaliation for U.S. attacks against Iran. The hacking group claimed that it had erased 200,000 systems and extracted 50 terabytes of data from the company.”
North Korea’s cyber program, combined with Pyongyang’s use of IT workers with falsified credentials to gain employment with unwitting companies, is sophisticated and agile, and North Korea is capable of conducting espionage, cybercrime, and cyber attacks. It is focused on evading financial sanctions, stealing funds to support its military, and conducting cyber espionage to fill gaps in the regime’s weapons programs. Pyongyang’s cyber forces are capable of achieving a variety of strategic objectives against diverse targets, including in the U.S. and South Korea, while its growing use of human insider access to circumvent cybersecurity measures threatens targets with stronger defensive measures.
Cryptocurrency heists and other financial crimes also continue to net at least $1 billion each year to fund the regime’s weapons programs. North Korean cyber actors’ expansion of ransomware attacks and other cybercriminal activities increases the disruptive threat to U.S. IT systems and critical infrastructure entities.
ODNI reported that financially or ideologically motivated nonstate actors, such as ransomware groups, other cyber criminals, and hacktivists, are taking more aggressive cyber attack postures. Ransomware attacks in particular harm U.S. critical infrastructure and business operations, leading to operational disruptions, loss of revenue, and loss and theft of sensitive data. Ransomware groups are shifting to faster, high-volume attacks, making it harder for security experts to identify and mitigate incidents.
The ODNI report warns that sustaining global leadership in artificial intelligence is critical to preserving U.S. first-mover advantage, even as rapid advances by rival powers erode both economic competitiveness and national security edge.
AI’s influence is set to deepen across industries and operational domains in the years ahead. In defense, it is already shaping modern warfare, used in recent conflicts to support targeting and accelerate decision-making. Its potential extends further, from enabling weapons and systems design to shaping offensive and defensive cyber operations and increasing the autonomy of uncrewed systems. In intelligence, AI is transforming analysis by allowing agencies to process vast datasets at speed and generate new insights on complex national security challenges.
That said, the report underscores that these gains come with material risks. Expanding AI autonomy without rigorous human oversight and engineering controls could introduce unintended consequences, making careful risk mitigation essential before broad deployment.
The agency also noted that disruptive attacks against space services have become more common and probably will be normalized during crises or periods of strained relations between nations. Adversaries are using jammers against U.S. satellites, and the risks stemming from cyber attacks against satellite communications are also growing as global reliance on digital systems expands the number of exploitable cyber vulnerabilities associated with space services.
The ODNI report expects that a conflict between China and Taiwan may disrupt U.S. access to trade and semiconductor technology critical to the global economy. “If the U.S. were to intervene, it probably would face significant but recoverable disruptions to its transportation sector from Chinese cyber attacks. Even without Washington’s involvement, U.S. and global economic and security interests would face significant and costly consequences, with tech supply chains disrupted and investor fear across markets. In addition, a protracted war with the U.S. risks unprecedented economic costs to the U.S., Chinese, and global economies.”
Offering a strategic overview of North Korea, the ODNI report notes that North Korea’s WMD, conventional military capabilities, illicit cyber activities, and demonstrated willingness to use asymmetric capabilities to attack South Korea and the U.S. pose significant threats to the U.S. and its allies, particularly South Korea and Japan. “Increased trade after the pandemic, income from selling munitions to Russia, and illicit cyber activities, including cryptocurrency thefts, have boosted North Korea’s foreign currency revenue generation to its highest levels since before extensive sanctions were imposed in 2018.”
Earlier this month, the U.S. published ‘President Trump’s Cyber Strategy for America,’ outlining the administration’s priorities to ensure the country remains unrivaled in cyberspace. The strategy calls for stronger coordination between the government and the private sector to invest in advanced technologies, sustain innovation, and strengthen the nation’s cyber capabilities for offensive and defensive operations. The National Cyber Strategy includes six policy pillars that underpin it, guide its implementation, and define measures of success.


