Cyber criminals are increasingly helping Russia and China target the US
and allies, Microsoft says
[October 16, 2024]
By DAVID KLEPPER
WASHINGTON (AP) — Russia, China and Iran are increasingly relying on
criminal networks to lead cyberespionage and hacking operations against
adversaries like the U.S., according to a report on digital threats
published Tuesday by Microsoft.
The growing collaboration between authoritarian governments and criminal
hackers has alarmed national security officials and cybersecurity
experts who say it represents the increasingly blurred lines between
actions directed by Beijing or the Kremlin aimed at undermining rivals
and the illicit activities of groups typically more interested in
financial gain.
In one example, Microsoft's analysts found that a criminal hacking group
with links to Iran infiltrated an Israeli dating site and then tried to
sell or ransom the personal information it obtained. Microsoft concluded
the hackers had two motives: to embarrass Israelis and make money.
In another, investigators identified a Russian criminal network that
infiltrated more than 50 electronic devices used by the Ukrainian
military in June, apparently seeking access and information that could
aid Russia's invasion of Ukraine. There was no obvious financial motive
for the group, aside from any payment they may have received from
Russia.

For nations like Russia, China, Iran and North Korea, which has its own
ties to hacking groups, teaming up with cybercriminals offers a marriage
of convenience with benefits for both sides. Governments can boost the
volume and effectiveness of cyber activities without added cost. For the
criminals, it offers new avenues for profit and the promise of
government protection.
“We’re seeing in each of these countries this trend towards combining
nation-state and cybercriminal activities,” said Tom Burt, Microsoft's
vice president of customer security and trust.
So far there is no evidence suggesting that Russia, China or Iran are
sharing resources with each other or working with the same criminal
networks, Burt said. But he said the growing use of private cyber
“mercenaries” shows how far America's adversaries will go to weaponize
the internet.
Microsoft's report analyzed cyber threats between July 2023 and June
2024, looking at how criminals and foreign nations are using hacking,
spear phishing, malware and other techniques to gain access and control
over a target's system. The company says its customers face more than
600 million such incidents every day.
Russia focused much of its cyber operations on Ukraine, trying to gain
entry into military and government systems and spreading disinformation
designed to undermine support for the war among its allies.
Ukraine has responded with its own cyber efforts, including one last
week that knocked some Russian state media outlets offline.

Networks tied to Russia, China and Iran have also targeted American
voters, using fake websites and social media accounts to spread
false and misleading claims about the 2024 election. Analysts at
Microsoft agree with the assessment of U.S. intelligence officials
who say Russia is targeting the campaign of Vice President Kamala
Harris, while Iran is working to oppose former President Donald
Trump.
Iran has also hacked into Trump's campaign and sought,
unsuccessfully, to interest Democrats in the material. Federal
officials have also accused Iran of covertly supporting American
protests over the war in Gaza.
Russia and Iran will likely accelerate the pace of their cyber
operations targeting the U.S. as election day approaches, Burt said.
China, meanwhile, has largely stayed out of the presidential race,
focusing its disinformation on down-ballot races for Congress or
state and local office. Microsoft found networks tied to Beijing
also continue to target Taiwan and other countries in the region.
In response, a spokesperson for China's embassy in Washington said
allegations that China partners with cybercriminals are groundless
and accused the U.S. of spreading its own “disinformation about the
so-called Chinese hacking threats.”
In a statement, spokesperson Liu Pengyu said that “our position is
consistent and clear. China firmly opposes and combats cyber attacks
and cyber theft in all forms.”
Russia and Iran have also rejected accusations that they're using
cyber operations to target Americans. Messages left with
representatives of those three nations and North Korea were not
immediately returned on Monday.
Efforts to disrupt foreign disinformation and cyber capabilities
have escalated along with the threat, but the anonymous, porous
nature of the internet sometimes undercuts the effectiveness of the
response.

Federal authorities recently announced plans to seize hundreds of
website domains used by Russia to spread election disinformation and
to support efforts to hack former U.S. military and intelligence
figures. But investigators at the Atlantic Council's Digital
Forensic Research Lab found that sites seized by the government can
easily and quickly be replaced.
Within one day of the Department of Justice seizing several domains
in September, for example, researchers spotted 12 new websites
created to take their place. One month later, they continue to
operate.
All contents © copyright 2024 Associated Press. All rights reserved