Russia, China and Iran are increasingly relying on criminal networks to lead cyberespionage and hacking operations against adversaries like the U.S., according to a report on digital threats published Tuesday by Microsoft.

The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts who say it represents the increasingly blurred lines between actions directed by Beijing or the Kremlin aimed at undermining rivals and the illicit activities of groups typically more interested in financial gain.

In one example, Microsoft’s analysts found that a criminal hacking group with links to Iran infiltrated an Israeli dating site and then tried to sell or ransom the personal information it obtained. Microsoft concluded the hackers had two motives: to embarrass Israelis and make money.

In another, investigators identified a Russian criminal network that infiltrated more than 50 electronic devices used by the Ukrainian military in June, apparently seeking access and information that could aid Russia’s invasion of Ukraine. There was no obvious financial motive for the group, aside from any payment they may have received from Russia.

For nations like Russia, China, Iran and North Korea, which has its own ties to hacking groups, teaming up with cybercriminals offers a marriage of convenience with benefits for both sides. Governments can boost the volume and effectiveness of cyber activities without added cost. For the criminals, it offers new avenues for profit and the promise of government protection.

“We’re seeing in each of these countries this trend towards combining nation-state and cybercriminal activities,” said Tom Burt, Microsoft’s vice president of customer security and trust.

So far there is no evidence suggesting that Russia, China or Iran are sharing resources with each other or working with the same criminal networks, Burt said. But he said the growing use of private cyber “mercenaries” shows how far America’s adversaries will go to weaponize the internet.

Microsoft’s report analyzed cyber threats between July 2023 and June 2024, looking at how criminals and foreign nations are using hacking, spear phishing, malware and other techniques to gain access and control over a target’s system. The company says its customers face more than 600 million such incidents every day.

Russia focused much of its cyber operations on Ukraine, trying to gain entry into military and government systems and spreading disinformation designed to undermine support for the war among its allies. Ukraine has responded with its own cyber efforts, including one last week that knocked some Russian state media outlets offline.

Networks tied to Russia, China and Iran have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the 2024 election. Analysts at Microsoft agree with the assessment of U.S. intelligence officials who say Russia is targeting the campaign of Vice President Kamala Harris, while Iran is working to oppose former President Donald Trump.

Iran has also hacked into Trump’s campaign and sought, unsuccessfully, to interest Democrats in the material. Federal officials have also accused Iran of covertly supporting American protests over the war in Gaza.

Russia and Iran will likely accelerate the pace of their cyber operations targeting the U.S. as election day approaches, Burt said.

China, meanwhile, has largely stayed out of the presidential race, focusing its disinformation on down-ballot races for Congress or state and local […]