Microsoft is urging the United States and its allies to collaborate in deterring state-backed cybercriminals, warning that adversaries such as Russia, China, and Iran are increasingly relying on hackers, who face no “meaningful consequences” for their violations. Microsoft’s annual digital threats report, published on Oct. 15, looks into cybercriminal activities that occurred between July 2023 and June 2024. The company says its customers face more than 600 million such incidents every day.
Analyzing those attacks, Microsoft said it is seeing “increasingly blurred lines” between actions directed by Moscow or Beijing and those of cybercrime gangs. While these criminal groups usually focus on financial gains, they’re now more involved in advancing the goals of nation-states, aiding in espionage and destabilization efforts aimed at geopolitical rivals.
Russia appears to have “outsourced” some of its cyber espionage tasks as its war against Ukraine drags through a third year. In June, a suspected cybercriminal group hacked into at least 50 Ukrainian military devices with no apparent financial incentive. Microsoft said this suggests the hackers were likely operating on behalf of the Russian military.
The report also highlighted North Korea’s use of ransomware, specifically a new variant called “FakePenny,” which was deployed against aerospace and defense organizations after exfiltrating sensitive data. Microsoft indicated that this suggests a dual purpose: gathering intelligence for Pyongyang while also making money.
Iran’s cyber operations have been particularly active against Israel. According to Microsoft, hackers linked to Iran’s Islamic Revolutionary Guard Corps breached Israeli dating websites and offered to remove users’ personal information from the compromised databases for a fee.
Meanwhile, China’s communist regime has intensified its efforts to sow discord ahead of elections in Taiwan and the United States. Microsoft noted that the Chinese Communist Party (CCP) was “emboldened” by its influence campaign during the 2022 U.S. midterm elections.
In January, a CCP-linked influence actor was caught promoting a fake AI-generated audio recording of Taiwanese presidential candidate Terry Gou—founder of electronics giant Foxconn—in which Gou falsely appeared to endorse another candidate. In late April, the same actor launched a social media campaign amid the surge of Gaza War-related protests on American college campuses.
“The convergence and parallel nature of nation-state operations throughout 2024 underscores just how persistent adversarial states are in their attempts to exert influence over US elections and outcomes,” the report stated.
The report calls for more robust deterrents to be placed on nation-states as criminals continue to “attack with impunity.” Specifically recommended are expanding existing deterrents such as adding individuals and entities to sanctions lists and publicly attributing attacks to specific countries on a multinational scale.
How effective these deterrents may be remains questionable, as hackers linked to Russia and North Korea remain active despite heavy sanctions against them.