The report names ransomware groups, North Korea, China, Russia, and Iran as persistent threats to US critical infrastructure.
The 2026 ATA names “cyber actors from China, Russia, Iran, North Korea, and ransomware groups” as persistent threats to US critical infrastructure. These groups were also listed as threats to the US in the 2025 ATA, and since that publication last March, all have worked to target critical infrastructure. An October 2025 report from KELA found that, as ransomware attacks on critical infrastructure organizations increased 34% globally, 21% of all global incidents occurred in the US. Almost half of all the ransomware attacks hit key sectors like healthcare, energy, transportation, and manufacturing. The ODNI also attributes the worsening ransomware situation to a shift “to faster, high-volume attacks, making it harder for security experts to identify and mitigate incidents.” In November 2025, several Russian companies were sanctioned for their work supporting ransomware groups attacking the US, the United Kingdom, and Australia.
According to the assessment, North Korea’s “sophisticated and agile” cyber program poses a considerable threat to the US. North Korean IT workers have used tools from witting and unwitting US-based facilitators to gain access to US company networks and dodge financial sanctions. North Korean hackers are also often behind large cryptocurrency thefts to support the country’s weapons programs. The 2026 attack on Drift Protocol, which stole 285 million USD, is also believed to have been organized by North Korean hackers. These actors lay in wait for weeks before the attack, creating legitimacy for a false token, in order to pull off the heist within 15 minutes.
China, “the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks,” has been holding onto this title since the 2022 ODNI Annual Threat Assessment. 2025 was an especially active year for China-sponsored threat actors, with the Salt Typhoon hack expanding into US universities, attempts to infiltrate the House Select Committee on China by impersonating the chairman, and the F5 hack that exposed more than 269,000 devices across 85% of companies in the Fortune 500.
Iran’s designation as a cyber threat to the US seems especially pertinent with the current US-Israel war on the country. The report references the 12-Day War in 2025, where Iran “struggled to defend itself against Israeli cyber attacks and to respond in kind”, a contrast with the cyber capabilities that have been seen this year. Iran-linked hackers have compromised 50 public cameras in Israel, an old personal email of FBI Director Kash Patel, and even a US medtech company, Stryker. Even with a tenuous ceasefire arrangement, Iran may still conduct serious cyber attacks. The ODNI does not seem too concerned about all Iran-associated hacks, however: “We note that Iranian proxies and hacktivists outside of Iran will also seek cyber-enabled operations against U.S. targets but these probably will be less technically advanced.”
The technology challenges that the 2026 ATA addresses are artificial intelligence (AI) and quantum computing. AI was also featured heavily in the 2025 ATA, in the sections about China and Russia. This year’s report continues to recognize that “China is the most capable competitor in the AI space, and aims to displace the U.S. as the global AI leader by 2030.” The report asserts that since “AI is a defining technology for the 21st century,” the US needs to be a global leader in AI to keep a first-mover advantage. Pushing for US AI leadership has been a motivation for the Trump administration’s lack of AI regulation. In his first five days back in office, President Trump said Biden’s previous executive order “hinder[ed] AI innovation and impose[d] onerous and unnecessary government control over the development of AI.” The ODNI still argues that “it is essential to make sure that humans maintain control of the machines and how AI is used”, so perhaps some AI regulation may become a goal for the government.
Quantum computing did not make an appearance in the 2025 ATA, but is identified in this year’s report as an opportunity for “an extraordinary technological advantage”. Quantum computing is an “emergent field of computer science and engineering” that is expected to surpass modern supercomputers by doing complex calculations in much less time. The field has been receiving more attention because a cryptographically relevant quantum computer (CRQC) could seriously damage the encryption methods protecting sensitive data in many sectors. Several countries in the EU, along with the US, China, Japan, and the UK, are each working towards making key developments in quantum computing to be the next world leader.
Compared to the 2025 ODNI Threat Assessment, the 2026 ODNI Threat Assessment shows that not too much has changed in the cyber threat space. Russia, North Korea, Iran, and China remain the biggest threats, and AI continues to be a critical tool. Still, there have been some key differences between the years. China has become even more active, along with Iran-associated hackers who are acting in response to the war. Quantum computing has also become a new area of development for the US to watch. Hopefully, the information in the threat assessment will help the country’s acting cyber leaders as they coordinate defense efforts.