Microsoft report: CCP uses cybercriminals to attack the United States and its allies

According to Microsoft's latest digital defense report, released on Tuesday, October 15, increasing evidence indicates that China, Russia, Iran, and North Korea are using cybercriminals to conduct cyber attacks and hacking operations against the United States and its allies.

Microsoft’s Vice President of Customer Security and Trust, Tom Burt, stated that Microsoft’s customers face over 6 billion cybercriminal and nation-state attacks every day, ranging from ransomware to phishing and identity attacks.

Burt added that as geopolitical conflicts escalate, collaboration between authoritarian governments and cybercrime groups is growing closer, with the two sides sharing hacking tools, techniques, and tactics. Governments provide resources or technical support, while criminal groups may carry out specific attack operations.

The report covers data monitored by security personnel on malicious cyber activities from July 2023 to June 2024, analyzing how criminals and authoritarian states use hackers, spear-phishing, malware, and other techniques to access and control target systems.

Burt emphasized the need to curb these malicious cyber activities, calling for attention and commitment to cybersecurity from individual users, business executives, and government leaders, focusing on the infrastructure of cyber defense.

According to the latest report, the Chinese authorities and the cybercrime groups they support have been targeting the Asia-Pacific region and intensifying attacks there, as in the past few years. China's threat activity is primarily for intelligence gathering and is especially active in the South China Sea region around the Association of Southeast Asian Nations (ASEAN).

Hacker groups such as Flax Typhoon, Granite Typhoon, and Raspberry Typhoon are very active in the region, while Nylon Typhoon continues to target global governments and diplomatic institutions.

Since August 2023, Flax Typhoon has expanded its targets, covering IT and government agencies in the Philippines, Hong Kong, India, and the United States.

Raspberry Typhoon successfully infiltrated military and law enforcement agencies in Indonesia and the maritime system in Malaysia ahead of a rare joint naval exercise in June 2023 among Indonesia, China, and the United States.

Granite Typhoon has invaded the telecommunications networks of Indonesia, Malaysia, the Philippines, Cambodia, and Taiwan since July 2023. These criminal activities suggest ongoing intelligence gathering by state-supported Chinese cybercriminals, posing a threat to military activities in strategic regions like the South China Sea.

Japan is facing widespread cyber attacks from state-supported cybercrime organizations of three countries: China, Russia, and North Korea.

In recent years, from major corporations to small companies in the supply chain, entities in Japan have experienced large-scale cyber attacks. In response, the Japanese government revised its National Security Strategy in December 2022, acknowledging cybersecurity as a national security issue for the first time. The revised regulations introduced proactive cybersecurity measures to preemptively address potential serious cyberattack risks that could pose national security concerns.

Burt noted that the increasing use of private network “mercenaries” indicates that America’s adversaries are weaponizing cyberspace at all costs.

China has been using fake websites and social media accounts to spread false and misleading information about the 2024 US election. Microsoft analysts agree with US intelligence officials’ assessments that Russia is targeting Vice President Harris’s campaign, while Iran is attempting to oppose former President Trump.

As election day approaches, Russia and Iran may accelerate their cyber actions against the US. Meanwhile, China is focusing its false information on congressional and local elections.

Iran likely operated a network disguised as a news organization distributing polarizing information to American voter groups on presidential candidates, LGBTQ rights, and conflicts in the Middle East.

The report highlights that China has become bolder after its influence activities in the 2022 midterms and is spreading rumors and discord on social media networks ahead of the 2024 presidential elections.

In response to these accusations, a spokesperson for China’s embassy in Washington dismissed the allegations of collaboration with cybercriminals and accused the US of spreading false news about China’s hacker threats.

Russia and Iran also denied accusations of targeting Americans through cyber actions.

Over the past year, Microsoft has observed cybercrime groups affiliated with China using various generative AI technologies to create visually appealing images. Microsoft discovered a range of AI-generated media targeting the US, emphasizing internal discord and criticizing the Biden administration.

Taizi Flood, also known as Spamouflage or Dragonbridge, is one of the most active cybercrime groups in this area, using third-party AI technology for online propaganda, including generating virtual news anchors. The organization disseminates false information on over 175 websites in 58 languages, aiming to boost Beijing’s influence by tarnishing the image of the US.