Microsoft is urging the United States and its allies to collaborate in deterring state-backed cybercriminals, warning that adversaries such as Russia, China, and Iran are increasingly relying on hackers who face no “meaningful consequences” for their violations.
Analyzing those attacks, Microsoft stated that it is seeing “increasingly blurred lines” between actions directed by Moscow or Beijing and those of cybercrime gangs. While these criminal groups usually focus on financial gains, they’re now more involved in advancing the goals of nation-states, aiding in espionage and destabilization efforts aimed at geopolitical rivals.
Russia, for instance, appears to have “outsourced” some of its cyberespionage tasks as its war against Ukraine drags through a third year. In June, a suspected cybercriminal group hacked into at least 50 Ukrainian military devices with no apparent financial incentive. Microsoft stated that this suggests that the hackers were likely operating on behalf of the Russian military.
The report also highlighted North Korea’s use of ransomware, specifically a new variant called “FakePenny,” which was deployed against aerospace and defense organizations after it exfiltrated network data. Microsoft indicated that this suggests a dual purpose: gathering intelligence for Pyongyang while also making money.
Iran’s cyber operations have been particularly active against Israel. According to Microsoft, hackers linked to Iran’s Islamic Revolutionary Guard Corps breached Israeli dating websites and offered to remove users’ personal information from the compromised databases for a fee.
China’s communist regime has intensified its efforts to sow discord ahead of elections in Taiwan and the United States. Microsoft noted that the Chinese Communist Party (CCP) was “emboldened” by its influence campaign during the 2022 U.S. midterm elections.
In January, a CCP-linked influence actor was caught promoting a fake AI-generated audio recording of Taiwanese presidential candidate Terry Gou—founder of electronics giant Foxconn—in which Gou falsely appeared to endorse another candidate. In late April, the same actor launched a social media campaign amid the surge of Gaza War-related protests on American college campuses, posing as students or parents of students involved in the protests to “inject left-leaning messages into right-wing groups.”
“They likely did so to sow conflict about the protests, or perhaps they misunderstood which audiences would be most receptive to their message,” Microsoft stated.
The CCP isn’t alone in escalating its cyber operations to create political chaos in the United States as the Nov. 5 election approaches. According to Microsoft, both Russia and Iran have been creating fake news websites and social media accounts filled with AI-generated content designed to spread polarizing and divisive messaging to American voters on opposite ends of the political spectrum.
“The convergence and parallel nature of nation-state operations throughout 2024 underscores just how persistent adversarial states are in their attempts to exert influence over U.S. elections and outcomes,” the report reads. “Left unchecked, this poses a critical challenge to U.S. national security and democratic resilience.”
“We know that there is a presidential race between Donald Trump and Kamala Harris, but this has also become an election of Iran versus Trump and Russia versus Harris,” Smith said at a Sept. 18 hearing before the Senate’s intelligence committee.
In the Oct. 15 report, Microsoft called for more robust deterrents to be placed on nation-states as criminals continue to “attack with impunity.” The attackers know that law enforcement is hampered by the difficulty of investigating and prosecuting cross-border crime, which often originates from within “safe havens” where authorities turn a blind eye to the violations.
Specifically, the software giant recommended expanding existing deterrents, such as adding individuals and entities to sanctions lists and publicly attributing attacks to specific countries on a multinational scale.
“Governments should embrace as lawful collective countermeasures,” Microsoft said, suggesting that multiple states impose countermeasures in response to illegal cyber operations targeting any one of them.
The Chinese and Russian embassies, along with representatives from Iran and North Korea in the United States, did not respond to requests for comment.