NEWS AND ANALYSIS:
Director of National Intelligence Tulsi Gabbard, in the coming days, is expected to release declassified intelligence documents on the origin of the COVID-19 virus — a disclosure that comes after years of disputed and controversial assessments on whether the pandemic originated in a Chinese laboratory or came from a wild animal.
“DNI Gabbard is actively working to declassify information about the COVID-19 pandemic before her departure on June 30,” an ODNI official told Inside the Ring.
Ms. Gabbard has cited personal reasons for stepping down and will be replaced by William J. Pulte, the head of the Federal Housing and Finance Agency, as acting director. Mr. Pulte has been asked by the president to downsize ODNI.
The CO|VID-19 document release is required under a section of the fiscal 2026 Defense Authorization Act that calls for intelligence agencies to review and release information on the pandemic within 180 days. That deadline is Tuesday.
The law requires specific types of information to be made public, including research conducted at the Wuhan Institute of Virology, where several intelligence agencies believe the virus leaked.
Data on research at other medical or scientific research centers in China must also be made public.
Also required are documents on China’s gain-of-function research and the goal of the research that is known to have been conducted at the Wuhan laboratory.
China’s gain-of-function research included enhancing virus transmission that could be used for both medical vaccine research and biological weapons work, according to past intelligence reports.
The intelligence documents to be released also must include information on funding sources for China’s research on coronaviruses and its foreign sources.
The documents will also address the “possibility of zoonotic origins of COVID-19,” such as whether the virus jumped naturally from animals to humans.
Intelligence related to Chinese efforts to disrupt or obstruct information sharing or investigations into the virus origins and to disrupt the sharing of medically significant information on COVID transmissibility and potential harm to humans is also to be revealed, according to the defense law.
Details on China’s efforts to limit the sharing of virus origin information with the United Nations and the World Health Organization must be declassified, as well as information on Beijing’s obstruction of efforts to share data on the virus within China, the law states.
The documents must include intelligence on China’s efforts to pressure or lobby foreign governments, journalists, medical researchers, U.S. officials or officials of international organizations regarding the source, transmissibility or other attributes of SARS–CoV–2, the formal name for the virus.
Information is required to be declassified about official Chinese efforts to disrupt government or private-sector research and development for vaccines, and information about those who promoted “alternative narratives” on COVID origins.
The documents are to be released publicly and provided to Congress in unredacted form.
U.S. intelligence agencies were sharply divided over COVID origins during the first outbreak in 2019. Most agencies, led by the CIA, promoted the theory of a natural outbreak for several years, with a laboratory leak deemed less likely.
Intelligence agencies also insisted in their published reports that COVID was not created as a biological weapon or genetically engineered.
The first assessment in 2021 leaned toward a natural origin from an animal, with four agencies saying a lab leak was slightly possible.
But under congressional pressure to examine more closely the possibility of a laboratory origin, the CIA in January 2025 reversed course.
The agency stated with low confidence that the lab origin is more likely. “CIA assesses with low confidence that a research-related origin of the COVID-19 pandemic is more likely than a natural origin based on the available body of reporting,” the CIA said.
China’s obstruction of information, including details on the early form of the virus, has limited intelligence agencies’ ability to make a solid conclusion.
Critics have charged that COVID origin information is being covered up to hide U.S. government complicity in China’s virus research in Wuhan.
Treasury sanctions nine Chinese for Iran arms sales
Chinese companies were targeted with economic sanctions on Wednesday for supplying weapons to Iran’s Islamic Revolutionary Guards Corps and defense ministry, the Treasury Department announced.
Treasury’s Office of Foreign Assets Control slapped the sanctions on nine people and companies in China and Hong Kong that were said to be helping the IRGC and the Iranian Ministry of Defense and Armed Forces Logistics to buy weapons. The sanctions are part of a financial pressure campaign against Iran called Economic Fury.
“Through Economic Fury, the Treasury Department is disrupting the foreign procurement networks that support the Iranian military’s efforts to acquire weapons,” Treasury Secretary Scott Bessent said in a statement. “Treasury has frozen the Iranian regime’s assets, severely disrupted its economy, and dismantled the Iranian war machine. Treasury will not tolerate any support of the Iranian military.”
The sanctions announcement provides new information on China’s close weapons and military relationship with Iran. Both governments have called their ties a comprehensive strategic partnership.
Those targeted with the sanctions include a Hong Kong-based company that worked as part of what the Treasury said is Iran’s clandestine banking network that sought weapons procurement-related transactions.
The sanctions were imposed in a bid to cripple Iranian weapons production and proliferation capabilities that threaten U.S. and allied security, the statement said.
Last month, Treasury also targeted IRGC procurement networks for supplying arms and supporting an Iranian organization called the Center for Innovation and Technology Cooperation that coordinates technology acquisition and sought to buy man-portable air defense missiles from China.
U.S. intelligence agencies reported earlier this year that China was preparing to send the shoulder-fired missiles to Iran through a third country.
According to U.S. officials, the missiles that were transferred to Iran included Chinese FN-6 anti-aircraft missile systems.
President Trump told reporters in April that if the missile sale goes through, “China is going to have big problems.” China denied it planned to send missiles to Iran.
Those sanctioned include several directors of Chinese companies, including Mustad Ltd. and a subsidiary in Shanghai called Mustad Shanghai International Trade Co. Ltd. The Iranian procurement network used the Hong Kong company called Domus Trading HK Ltd. to facilitate payments for arms, Treasury said.
Other Chinese companies linked to the illicit arms network were identified as Solos International Limited that facilitated weapons procurement for MODAFL, and Shangshun Hong Kong Ltd., also a MODAFL supplier.
The Treasury sanctions are largely symbolic and block U.S. companies from doing business with the companies.
Analysts have described such actions as part of a “name and shame” strategy.
“The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior,” the statement said.
In a related development, the State Department designated four entities in Iran and Belarus in a bid to disrupt Iranian overseas arms procurement.
One of the Belarus companies, Armory Alliance, worked as a cutout for Chinese companies in facilitating Iran’s purchase of hundreds of shoulder-fired missiles.
Also sanctioned is the Iranian Center for Innovation and Technology Cooperation that helped Tehran buy satellite imagery to support “kinetic strikes by Iranian armed forces,” the State Department said in a statement.
“CITC coordinated with the Iranian Ministry of Intelligence and Security about striking locations within and around a facility hosting U.S. armed forces in late March 2026,” the statement said.
“The facility was subsequently targeted by an Iranian attack in late March 2026, resulting in the injury of U.S. service members.”
CITC head Sajjad Ahadzadeh was involved in buying the shoulder-fired missiles, the statement said.
Security firm says China stepping up AI tech cybertheft
Chinese hackers are increasing cyberattacks aimed at stealing advanced artificial intelligence technology in the United States, according to a report by the security company CrowdStrike.
The goal of the targeted technology theft is to boost China’s development of AI in its battle against U.S. AI development programs, the report said.
“China-nexus adversaries are escalating espionage against technology organizations to steal the AI capabilities and intellectual property they cannot build fast enough on their own,” the company said in a statement.
Chinese hackers were linked to more than 58% of state-sponsored targeted cyberattacks aimed at tech companies, especially seeking access to targeted AI assets, the CrowdStrike report said.
American restrictions on China’s access to advanced AI microchips have limited Beijing’s development, while indigenous AI models are attempting to lower costs.
China-linked cyberattacks targeted government communications in Southeast Asia and “maintained persistent access” to North American tech organizations by taking advantage of vulnerabilities, the report said.
Beijing government-linked hacking groups are stealing valuable AI technology through a variety of cyberoperations code-named Murky Panda, Mustang Panda, Overcast Panda and Sunrise Panda and Warp Panda, each focused on different hacking methods.
“Murky Panda’s password-spraying campaign alone impacted more than 340 U.S.-based entities,” the report said.
Password spraying involves cyberattacks by hackers using a single, commonly used password against many different user accounts, rather than trying multiple passwords against a single account.
The method avoids triggering automatic account lockouts while finding weak access credentials.
“China runs cyberespionage as industrial policy to try to close the AI innovation gap, demonstrating that AI capabilities are the prize adversaries are after,” said Adam Meyers, head of counter-adversary operations at CrowdStrike.
“Whether you’re building AI or adopting it, security has to be built in from the start.”
The report also said North Korea is using AI and U.S. front companies to obtain remote access in technology companies.
North Korean hackers used “AI-enhanced personas” for the operations and CrowdStrike research said Pyongyang cyber operations channeled illicit revenue directly into North Korean weapons programs.
• Contact Bill Gertz on X @BillGertz.
Contact the author
Please read our comment policy before commenting.