Russia, China Enlist Cyber Gangs to Target US and Allies: Microsoft

By Bill Pan
October 15, 2024
Science & Tech

Microsoft is urging the United States and its allies to collaborate in deterring state-backed cybercriminals, warning that adversaries such as Russia, China, and Iran are increasingly relying on hackers, who face no “meaningful consequences” for their violations.

Microsoft’s annual digital threats report, published on Oct. 15, looks into cybercriminal activities that occurred between July 2023 and June 2024. The company says its customers face more than 600 million such incidents every day.

Analyzing those attacks, Microsoft said it is seeing “increasingly blurred lines” between actions directed by Moscow or Beijing and those of cybercrime gangs. While these criminal groups usually focus on financial gains, they’re now more involved in advancing the goals of nation-states, aiding in espionage and destabilization efforts aimed at geopolitical rivals.

Russia, for instance, appears to have “outsourced” some of its cyber espionage tasks as its war against Ukraine drags through a third year. In June, a suspected cybercriminal group hacked into at least 50 Ukrainian military devices with no apparent financial incentive. Microsoft said this suggests the hackers were likely operating on behalf of the Russian military.

The report also highlighted North Korea’s use of ransomware, specifically a new variant called “FakePenny,” which was deployed against aerospace and defense organizations after exfiltrating sensitive data. Microsoft indicated that this suggests a dual purpose: gathering intelligence for Pyongyang while also making money.

Iran’s cyber operations have been particularly active against Israel. According to Microsoft, hackers linked to Iran’s Islamic Revolutionary Guard Corps breached Israeli dating websites and offered to remove users’ personal information from the compromised databases for a fee.

Meanwhile, China’s communist regime has intensified its efforts to sow discord ahead of elections in Taiwan and the United States. Microsoft noted that the Chinese Communist Party (CCP) was “emboldened” by its influence campaign during the 2022 U.S. midterm elections.

In January, a CCP-linked influence actor was caught promoting a fake AI-generated audio recording of Taiwanese presidential candidate Terry Gou—founder of electronics giant Foxconn—in which Gou falsely appeared to endorse another candidate. In late April, the same actor launched a social media campaign amid the surge of Gaza War-related protests on American college campuses, posing as students or parents of students involved in the protests to “inject left-leaning messages into right-wing groups.”

“They likely did so to sow conflict about the protests, or perhaps they misunderstood which audiences would be most receptive to their message,” Microsoft said.

The CCP isn’t alone in escalating its cyber operations to create political chaos in the United States as the Nov. 5 election approaches. According to Microsoft, both Russia and Iran have been creating fake news websites and social media accounts filled with AI-generated content designed to spread polarizing and divisive messaging to American voters on opposite ends of the political spectrum.

“The convergence and parallel nature of nation-state operations throughout 2024 underscores just how persistent adversarial states are in their attempts to exert influence over US elections and outcomes,” the report stated. “Left unchecked, this poses a critical challenge to U.S. national security and democratic resilience.”

The report was issued a month after Microsoft vice chair and president Brad Smith told a group of senators that Iranian cyber groups are working to oppose former President Donald Trump, while their Russian counterparts have pivoted to attack the campaign of Vice President Kamala Harris.

“We know that there is a presidential race between Donald Trump and Kamala Harris, but this has also become an election of Iran versus Trump and Russia versus Harris,” Smith said at a Sept. 18 hearing before the Senate’s intelligence committee.

In the Oct. 15 report, Microsoft calls for more robust deterrents to be placed on nation-states as criminals continue to “attack with impunity,” knowing that law enforcement is hampered by the challenges of investigating and prosecuting cross-border crime, and often operating from within “safe havens” where authorities turn a blind eye to their violations.

Specifically, the software giant recommends expanding existing deterrents, such as adding individuals and entities to sanctions lists and publicly attributing attacks to specific countries on a multinational scale.

“Governments should embrace as lawful collective countermeasures,” Microsoft said, suggesting that multiple states impose countermeasures in response to illegal cyber operations targeting any one of them.

However, the effectiveness of these deterrents remains questionable. Hackers linked to Russia and North Korea remain active in cyberspace despite heavy sanctions against the two countries. The CCP also regularly denies international accusations of sponsoring cyberattacks, instead portraying itself as a victim of such malicious activities.

China’s and Russia’s embassies, along with representatives from Iran and North Korea in the United States, did not respond to requests for comment.

From The Epoch Times