WASHINGTON — Russia, China and Iran are increasingly relying on criminal networks to lead cyber espionage and hacking operations against adversaries like the US, according to a digital threats report published by Microsoft on Tuesday.
The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts. They say it represents the increasingly blurred lines between actions by Beijing or the Kremlin aimed at undermining rivals and the illegal activities of groups typically more interested in financial gain.
In one example, Microsoft analysts discovered that a criminal hacking group with links to Iran infiltrated an Israeli dating site and then attempted to sell or ransom the personal information it obtained. Microsoft concluded that the hackers had two motives: to embarrass Israelis and to make money.
In another investigation, investigators identified a Russian criminal network that infiltrated more than fifty electronic devices used by the Ukrainian military in June, apparently seeking access and information that could aid Russia’s invasion of Ukraine. There was no apparent financial motive for the group, other than any payments they may have received from Russia.
For countries like Russia, China, Iran and North Korea, which has its own ties to hacking groups, working with cybercriminals offers a marriage of convenience with benefits for both parties. Governments can increase the volume and effectiveness of cyber activities without additional costs. For the criminals, it offers new opportunities for profit and the promise of government protection.
“We see this trend in each of these countries towards combining national and cybercriminal activities,” said Tom Burt, Microsoft’s vice president of customer security and trust.
So far, there is no evidence to suggest that Russia, China or Iran are sharing resources with each other or working with the same criminal networks, Burt said. But he said the increasing use of private cyber mercenaries shows how far America’s adversaries will go in weaponizing the Internet.
Microsoft’s report analyzes cyber threats between July 2023 and June 2024, looking at how criminals and foreign countries are using hacking, spearphishing, malware and other techniques to gain access to and control over a target’s system. The company says its customers experience more than 600 million such incidents every day.
Russia focused much of its cyber operations on Ukraine, attempting to gain access to military and government systems and spread disinformation intended to undermine support for the war among its allies.
Ukraine has responded with its own cyber efforts, including one last week that took some Russian state media offline.
Networks linked to Russia, China and Iran have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the 2024 election. Analysts at Microsoft agree with the assessment of US intelligence officials who say Russia is targeting Vice President Kamala Harris’ campaign, while Iran is working to oppose former President Donald Trump.
Iran also hacked Trump’s campaign and tried unsuccessfully to interest Democrats in the material. Federal officials have also accused Iran of covertly supporting American protests against the war in Gaza.
Russia and Iran are likely to accelerate the pace of their cyber operations against the US as election day approaches, Burt said.
China, meanwhile, has largely stayed out of the presidential race and focused its disinformation on down-ballot races for Congress or state and local office. Microsoft found that networks connected to Beijing also continue to target Taiwan and other countries in the region.
In response, a spokesperson for the Chinese embassy in Washington said allegations that China is collaborating with cybercriminals are baseless and accused the US of spreading its own “disinformation about so-called Chinese hacking threats.”
In a statement, spokesperson Liu Pengyu said that “our position is consistent and clear. China strongly opposes and combats cyber attacks and cyber theft in all forms.”
Russia and Iran have also rejected accusations that they are using cyber operations to attack Americans. Messages left with representatives of those three countries and North Korea were not immediately returned Monday.
Efforts to disrupt foreign disinformation and cyber capabilities have escalated along with the threat, but the anonymous, porous nature of the internet sometimes undermines the effectiveness of the response.
Federal authorities recently announced plans to seize hundreds of website domains used by Russia to spread election disinformation and support efforts to hack former U.S. military and intelligence figures. But researchers at the Atlantic Council’s Digital Forensic Research Lab found that sites seized by the government can be easily and quickly replaced.
Within one day after the Justice Department seized several domains in September, investigators discovered twelve new websites that had taken their place. They remain active a month later.