Weekly Security Brief

Week of Sunday, March 22, 2026

Key Insights

1. The Government Just Published Its Threat Model. Your Board Should Read It.

On March 18, the Office of the Director of National Intelligence released the 2026 Annual Threat Assessment before the Senate Select Committee on Intelligence. Director of National Intelligence Tulsi Gabbard presented the findings. The document is the intelligence community's annual public accounting of who threatens the United States and how.

This year's version reads differently from its predecessors. The 2024 assessment described a "fragmented landscape of state competition." The 2025 report identified how threats "reinforce one another through adversarial cooperation and shared enablers." The 2026 assessment goes further, describing a "fully interconnected threat ecosystem" in which adversaries "align capabilities and objectives to amplify pressure on the United States" and "contest U.S. advantages continuously across multiple domains rather than only in periods of crisis or conflict." The progression across three years is clear. Threats are no longer isolated, no longer episodic. They are coordinated and constant.

China dominates the assessment. The intelligence community calls it the "most active and persistent cyber threat" to U.S. critical infrastructure and the "most capable competitor" in artificial intelligence. Beijing is "driving AI adoption at scale" using its talent pool, government funding, and what the report calls "burgeoning global partnerships." AI is no longer treated as an emerging risk. The report calls it "a defining technology for the 21st century" and notes it "has been used in recent conflicts to influence targeting and streamline decision-making." In August 2025, cyber actors used an AI tool to conduct a data extortion operation against government, healthcare, and religious institutions. The intelligence community elevated AI, autonomy, and space systems from supporting capabilities to what one analysis called "central drivers of power and risk."

On Taiwan, the assessment states that Chinese leaders "do not currently plan to execute an invasion of Taiwan in 2027" and have no fixed unification timeline. That finding will be misread as reassurance. It shouldn't be. China proposed a 7% defense budget increase to $277 billion for 2026. People's Liberation Army air incursions around Taiwan hit a record 5,709 sorties in 2025, roughly 15 per day. Chinese cyberattacks on Taiwan's critical infrastructure averaged 2.63 million per day, up 113% from 2023, targeting energy, hospitals, emergency services, and the semiconductor fabrication complexes where companies like Taiwan Semiconductor Manufacturing Company produce over 90% of the world's most advanced chips. The processors in your servers, your employees' laptops, your medical devices, your industrial controllers. If sustained cyberattacks disrupt those fabrication plants, the global chip shortage of 2021 will look like a minor delay. Beijing does not need to invade. It is testing whether Taiwan's systems, infrastructure, and political will can be degraded without firing a shot.

The assessment contains two notable gaps. There is no mention of foreign election interference threats, a departure from every prior year. Gabbard told senators the intelligence community found no evidence of foreign threats to November's midterm elections. And her prepared testimony claimed Iran's nuclear program was "obliterated" by U.S. strikes, while the assessment itself stated Iran was "intending to try to recover from the devastation" before Operation Epic Fury began. The distance between the prepared statement and the assessment's own language drew pointed questions from senators in both parties.

The Takeaway
Download the unclassified report and bring it to your next board meeting. Three things in it should change decisions. First, the intelligence community says the threat environment is now continuous, not cyclical. If your security program only has full coverage during business hours or ramps up only during incident response, that gap is now a documented risk. Second, the sustained campaign against Taiwan's semiconductor plants is a supply chain risk for every company that buys servers, laptops, or networking equipment. If your next hardware refresh assumes normal lead times, build in a contingency. Third, AI-powered attacks are no longer theoretical. The report documents one used against healthcare and government targets last August. Ask your security team whether your defenses account for AI-generated phishing and AI-assisted intrusions.

2. China Positioned Itself as Peacemaker This Week. The Trade Summit Moved to May.

China called for an immediate end to the war in the Middle East. Meanwhile, the Trump-Xi summit slid from March to mid-May. Beijing is playing a longer game.

On March 20, China's Foreign Ministry called for an immediate end to the war in the Middle East, warning that the "still widening war" harms the "common interests of all countries." Spokesman Lin Jian said "force is not the solution to problems and armed conflict will only breed new hatred." Beijing demanded unimpeded energy flows from the Persian Gulf and positioned itself as the responsible voice calling for restraint while the United States conducts airstrikes across Iran.

The timing was deliberate. The Trump-Xi summit, originally scheduled for March 31 in Beijing, had been postponed days earlier. President Trump told reporters he needed to remain in Washington to oversee Operation Epic Fury and pushed the meeting out five to six weeks, to mid-May. He tied the delay to a demand: China should help reopen the Strait of Hormuz. Beijing never formally confirmed the original visit and showed no sign of being troubled by the postponement. CNN's analysis was blunt: the delay gives China a stronger hand. Bloomberg put it more directly: it "buys China time to game out Iran war."

While Washington fights a war that costs billions per week and dominates the president's schedule, Beijing is playing a longer game. Chinese-flagged vessels have passed freely through the Strait of Hormuz since Iran began its selective blockade, reportedly because of Beijing's "supportive stance." China is the largest buyer of Iranian oil. It is also the largest buyer of Saudi oil, the largest trading partner in the Gulf, and the largest trading partner in South America. Every week the war continues, the economic cost to the United States and its allies grows. Every week the summit slides, China has more time to negotiate from a position of strength on trade, tariffs, and Taiwan.

The Takeaway
Watch what happens between now and mid-May. If your organization does business with Chinese partners, vendors, or customers, the outcome of the rescheduled Trump-Xi summit will directly affect tariff rates, trade restrictions, and the regulatory environment. Tariff rates on Chinese imports are on the table. The Supreme Court struck down the IEEPA tariffs in February, but Section 301 duties ranging from 7.5% to 100% depending on the product remain in force. So do semiconductor export controls. If the summit produces a deal, costs may stabilize. If it collapses, they go up. Brief your finance and procurement teams now on which of your costs are exposed to US-China trade policy so you are not reacting to a headline in May.

3. The Iran War's Economic Blast Radius Keeps Expanding

Last week we reported that oil was near $99 a barrel and the Strait of Hormuz was under selective blockade. Both numbers got worse. On March 14, commercial traffic through the strait fell to zero. Brent crude, the international benchmark price for oil, is now trading between $106 and $119 per barrel, up more than 40% from $72 before the war began. Liquefied natural gas prices are up roughly 60%.

The strait handles 20% of global oil and gas supply. Eighty-four percent of the crude that passes through it is destined for Asia. When Iran struck a liquefied natural gas facility in Qatar this week, it demonstrated that the disruption is not limited to shipping lanes. Production infrastructure is now a target. Saudi Arabia shut down two major offshore fields and cut output by two million barrels per day as the blockade left nowhere to export the oil. Goldman Sachs projects prices could stay in triple digits for years if the strait remains contested. The Defense Intelligence Agency assessed that Iran has the capability to keep it shut for one to six months.

The effects are reaching places most people are not watching. In Nigeria, petrol prices jumped 35%. Mediterranean Shipping Company, the world's largest container line, imposed war risk surcharges of $2,000 to $4,000 on cargo bound for West Africa. Nigeria depends on maritime transport for more than 80% of its international trade. Shipping firms are already considering whether to pivot vessels from West African routes to more lucrative European ones, where the surcharges are even higher. The United Nations International Maritime Organization opened an emergency session this week to discuss establishing a safe maritime corridor. The International Monetary Fund warned that sustained disruption could push inflation to 4% in the eurozone and 3% in the United States.

The Takeaway
If your organization sources materials, components, or finished goods from anywhere that touches a maritime route through the Gulf, the cost increase is already in your supply chain whether your procurement team has flagged it or not. Shipping surcharges, fuel costs, and raw material prices are all moving in the same direction. Review your contracts for fuel surcharge pass-throughs and price adjustment clauses. If you have operations or partners in West Africa, the secondary effects are real and accelerating. The International Monetary Fund inflation projections mean your operating costs are going up even if you have no direct Gulf exposure. Budget accordingly.

4. North Korea Is Earning More Money Than It Has in a Decade. Here's Where It's Coming From.

On March 19, Bloomberg reported that North Korea's foreign exchange earnings have reached their highest level since before the 2018 round of United Nations sanctions that were supposed to choke off the regime's revenue. The sanctions are still in place. Not working, but in place.

The money comes from three streams. The largest is arms sales to Russia. A report published March 17 by the Institute for National Security Strategy, a South Korean government-affiliated think tank, estimated that North Korea earned between $7.67 billion and $14.4 billion from military support to Russia between August 2023 and December 2025. That includes ammunition, ballistic missiles, and troop deployments. Roughly 12,000 North Korean soldiers are fighting in Russia's war against Ukraine. The troop deployment alone has generated an estimated $620 million over that period, including compensation Russia pays for soldiers killed in combat.

The second stream is cyber operations. North Korea's state-sponsored hacking groups generate more than $1 billion annually through cryptocurrency theft, ransomware, and financial fraud. That figure has been consistent for several years. What changed this week is the third stream. On March 12, the Office of Foreign Assets Control at the US Treasury Department sanctioned six North Korean IT workers who earned $800 million in 2024 by posing as remote software developers at Western companies. Three Americans were sentenced the same week for helping facilitate the scheme, which places North Korean operatives in legitimate IT jobs at companies that do not realize who they have hired.

China is accelerating the trend. Trade between China and North Korea hit a nine-year record in January and February 2026. Air China announced it will resume direct flights between Beijing and Pyongyang on March 30, the first scheduled commercial air service between the two countries in years. The regime is not just surviving sanctions. It is building new revenue channels faster than the international community can shut them down.

The Takeaway
Of the three revenue streams, the IT worker scheme is the one most likely to touch your organization directly. North Korean operatives are applying to open positions, passing interviews, and collecting paychecks that fund weapons programs. If you hire remote developers or contractors, review your identity verification process. Do your background checks catch synthetic identities? Do you verify that the person on the video call is the person who submitted the resume? Three Americans just went to prison for enabling this scheme. The compliance risk is not hypothetical and enforcement is active.

5. CISA, FBI, and the Lawyers All Came for Stryker This Week

Last week we covered Handala's wiper attack on Stryker Corporation, the medical device manufacturer that initially reported 200,000 systems destroyed across 79 countries. This week, three separate forces closed in on the company at once.

On March 18, the Cybersecurity and Infrastructure Security Agency published an advisory directly referencing the Stryker incident. The agency issued three recommendations: implement role-based access control with least privilege, require multi-factor authentication with conditional access policies, and require dual-administrator approval before any device management action can execute across an enterprise. Reporting from the initial attack suggested Handala used Stryker's own Microsoft Intune environment to push an operating system reset across enrolled devices. A single compromised administrator account wiped every managed device in the company. CISA's third recommendation is designed to make that impossible.

The next day, the FBI seized Handala's websites. The group responded publicly with defiance, claiming the Stryker attack was retaliation for a US airstrike on a girls' school in Minab, Iran. The seizure disrupted the group's public communication channels but did not stop its operations. Palo Alto Networks' Unit 42 continues to track Handala as a front for Void Manticore, an Iranian Ministry of Intelligence and Security operation.

Then came the lawyers. Class action lawsuits have been filed against Stryker on behalf of patients whose surgeries were delayed because the company could not fulfill orders for custom implants. Stryker revised the scope of the attack downward, from 200,000 devices to approximately 80,000, and says core systems are recovering. But Bloomberg reported that patients waiting on implants that only Stryker manufactures are still waiting. The lawsuits argue the company failed to adequately protect systems that patients depend on.

And underneath all of it, the detail that reframes the entire incident. Stryker does not carry cyber insurance. A $22 billion Fortune 500 medical device company absorbed a state-linked destructive cyberattack with no policy in place. Every dollar of recovery, every lawsuit, every day of lost revenue comes out of the company's own balance sheet. Last week we reported that Lloyd's of London war exclusion clauses may leave companies without coverage for state-backed attacks. Stryker skipped that debate entirely. It never bought the policy.

The Takeaway
Two things from this story deserve a conversation at your next board meeting. First, CISA's dual-admin approval recommendation. If one compromised administrator account in your organization could push a configuration change to every managed device, you have the same architectural vulnerability that Stryker did. Second, the insurance question. If a $22 billion company decided it could self-insure against this kind of attack and is now facing class action lawsuits with no policy to fall back on, your board needs to know where your organization stands. Do you have cyber insurance? Does your policy exclude state-backed attacks? If you do not know the answer, find out this week.

6. Latin America Is Splitting in Half

Brazil revoked a Trump advisor's visa. The US and Brazil are pulling in opposite directions. China is filling the gap.

On March 13, Brazilian President Luiz Inácio Lula da Silva revoked the visa of Darren Beattie, a State Department official serving as senior advisor for Brazil policy, after Beattie attempted to visit former Brazilian President Jair Bolsonaro in prison. Bolsonaro is serving a 27-year sentence for his role in a coup plot. The move was reciprocal. The Trump administration had denied a visa to Brazil's health minister weeks earlier. US-Brazil relations are at their lowest point in decades.

The visa dispute is a symptom of something larger. The Western Hemisphere is splitting into two camps. The United States has been building what officials call the "Shield of the Americas," a security and economic framework anchored by allies like Argentina, Ecuador, and El Salvador. Brazil is building its own. Lula hosted Bolivia's president this month and signed security and energy cooperation agreements. He called Mexico's president to coordinate on trade and diplomatic priorities separate from the US-led framework. The hemisphere's two largest economies are pulling in opposite directions, and the rest of the region is choosing sides.

China is filling the gap. Secretary of State Marco Rubio warned in an interview this month that the United States is falling behind China in Latin America. Panama withdrew from China's Belt and Road Initiative under US pressure but lost control of two strategic ports in the process. Beijing's infrastructure investments across the region bring economic influence, supply chain dependencies, and intelligence collection access. Chinese advanced persistent threat groups tracked under the names Vixen Panda, Liminal Panda, and Aquatic Panda are active in the region. The further US-Brazil relations deteriorate, the more room China has to operate.

The Takeaway
If your organization has operations, customers, or partners in Latin America, the geopolitical realignment is a business risk. US-Brazil tensions could affect trade agreements, regulatory cooperation, and cross-border data flows. Chinese infrastructure investments in the region create supply chain dependencies that may conflict with US regulatory requirements. If you source from or sell into Latin American markets, brief your leadership on which relationships sit on which side of the emerging divide and what changes in trade policy or regulatory alignment could mean for your contracts.
