Russia, China, and Iran are increasingly depending on criminal networks to lead cyberespionage and hacking operations against foes such as the United States, according to a report on digital threats issued by Microsoft on Tuesday.
The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts, who say it demonstrates the increasingly blurred lines between actions directed by Beijing or the Kremlin to undermine rivals and the illegal activities of groups typically more interested in financial gain.
In one case, Microsoft analysts discovered that a criminal hacking gang linked to Iran penetrated an Israeli dating site and attempted to sell or ransom the personal information it gathered. Microsoft found that the hackers had two motives: to shame Israelis and to gain money.
In another case, investigators discovered a Russian criminal network that entered more than 50 electronic devices used by the Ukrainian military in June, ostensibly seeking access and intelligence to aid Russia’s invasion of Ukraine. Aside from any cash received from Russia, the group had no evident financial objective.
For countries like Russia, China, Iran, and North Korea, which have their own ties to hacking groups, collaborating with cybercriminals provides a convenient solution that benefits both parties. Governments can increase the number and efficacy of cyber actions without incurring additional costs. For criminals, it opens up new options for profit while also promising government protection.
“We’re seeing in each of these countries this trend towards combining nation-state and cybercriminal activities,” said Tom Burt, Microsoft’s vice president of consumer security and trust.
So far, there is no proof that Russia, China, or Iran are sharing resources or collaborating with the same criminal networks, Burt stated. However, he added the expanding use of private cyber “mercenaries” demonstrates how far America’s adversaries will go to weaponize the internet.
Microsoft’s analysis examined cyber threats between July 2023 and June 2024, focusing on how criminals and foreign governments use hacking, spear phishing, malware, and other ways to obtain access and control of a target’s system. According to the corporation, its consumers experience around 600 million such instances each day.
Russia concentrated much of its cyber activities on Ukraine, attempting to obtain access to military and government networks and spreading disinformation to erode support for the conflict among its supporters.
Ukraine has replied with its own cyberattacks, including one last week that brought some Russian official media outlets offline.
Networks linked to Russia, China, and Iran have also targeted American voters, spreading false and misleading information about the 2024 election via phony websites and social media accounts. Analysts at Microsoft agree with US intelligence officials who think Russia is targeting Vice President Kamala Harris’ campaign, while Iran is seeking to defeat former President Donald Trump.
Iran has also hacked Trump’s campaign in a failed attempt to pique the attention of Democrats in the material. Federal officials have also accused Iran of surreptitiously financing American protests against the Gaza war.
As election day approaches, Russia and Iran are likely to step up their cyber activities against the United States, according to Burt.
Meanwhile, China has mostly avoided the presidential contest, focusing its disinformation efforts on down-ballot races for Congress or state and municipal politics. Microsoft discovered that networks related to Beijing continue to target Taiwan and other nations in the area.
In response, a spokeswoman for China’s embassy in Washington stated that charges that China collaborates with hackers are false and accused the US of disseminating “disinformation about the so-called Chinese hacking threats.”
In a statement, spokesman Liu Pengyu stated, “Our position is consistent and clear.” China strongly condemns and combats all types of cyber assaults and theft.
Russia and Iran have also denied allegations that they use cyber operations to target Americans. Messages left with spokespeople from those three countries and North Korea were not immediately returned on Monday.
Efforts to disrupt foreign misinformation and cyber capabilities have grown in tandem with the threat, but the anonymous, porous character of the internet can sometimes undermine the effectiveness of the response.
Federal authorities recently revealed measures to take hundreds of internet domains used by Russia to promote election disinformation and facilitate hacking activities against former US military and intelligence officials. However, analysts from the Atlantic Council’s Digital Forensic Research Lab discovered that webpages taken by the government can be readily rebuilt.
Within one day after the Department of Justice taking multiple domains in September, analysts discovered 12 new websites that had been launched to replace them. They are still operating one month later.
