With more than 600 million cyberattacks targeting @Microsoft customers every day, strong and effective cybersecurity protection is our top priority. Read the latest Microsoft Digital Defense Report to learn more https://t.co/XKeSsa0fgf
— Brad Smith (@BradSmi) October 16, 2024
Microsoft reports that Russia, China, and Iran are increasingly collaborating with cybercriminals to conduct cyberespionage and hacking operations against adversaries like the United States. These authoritarian governments are teaming up with criminal hackers, blurring the lines between state-directed actions aimed at undermining rivals and illicit activities typically motivated by financial gain. In one example, Microsoft found that an Iranian-linked criminal hacking group infiltrated an Israeli dating site and attempted to sell or ransom the personal information obtained.
The hackers appeared to have two motives: embarrassing Israelis and making money.
Russia, China and Iran are increasingly relying on criminal networks to lead cyberespionage and hacking operations against adversaries like the U.S., according to a report on digital threats published Tuesday by Microsoft.https://t.co/fgQASHNSQr
— Jason Brodsky (@JasonMBrodsky) October 15, 2024
Another case involved a Russian criminal network that compromised more than 50 electronic devices used by the Ukrainian military in June, likely seeking access and information to aid Russia’s invasion of Ukraine. For Russia, China, and Iran, partnering with cybercriminals offers benefits for both sides.
Nation-state threat actors are conducting operations for financial gain and enlisting the aid of cybercriminals and commodity #malware to collect intelligence. https://t.co/4v2u780Y2S
— Peter Girnus (@gothburz) October 15, 2024
Governments can increase the volume and effectiveness of cyber activities without additional costs, while criminals gain new avenues for profit and the promise of government protection. Tom Burt, Microsoft’s vice president of customer security and trust, stated, “We’re seeing in each of these countries this trend towards combining nation-state and cybercriminal activities.”
Microsoft’s report analyzed cyber threats between July 2023 and June 2024, examining how criminals and foreign nations use techniques to gain access and control over target systems. The company’s customers face more than 600 million such incidents daily.
Cybercriminal collaboration in global espionage
Russia focused much of its cyber operations on Ukraine, attempting to gain entry into military and government systems. Networks linked to Russia, China, and Iran have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the 2024 election.
Microsoft analysts agree with U.S. intelligence officials’ assessment that Russia is concentrating its cyber operations on Ukraine, while Iran has also sought to influence American politics. China, meanwhile, has largely stayed out of the presidential race, focusing its disinformation on congressional or state and local offices. In response to these allegations, a spokesperson for China’s embassy in Washington denied the claims, stating that China firmly opposes and combats cyber attacks and cyber theft in all forms.
Russia and Iran have also rejected accusations of using cyber operations to target Americans. Efforts to disrupt foreign disinformation and cyber capabilities have escalated along with the threat, but the anonymous, porous nature of the internet sometimes undercuts the effectiveness of the response. Federal authorities recently announced plans to seize websites used by Russia to spread election disinformation and support efforts to hack former U.S. military and intelligence figures.
However, investigators at the Atlantic Council’s Digital Forensic Research Lab found that sites seized by the government can be easily and quickly replaced, with 12 new websites created within one day of the Department of Justice seizing several domains in September.