Cybercriminals are increasingly helping Russia and China

WASHINGTON — Russia, China and Iran are increasingly relying on criminal networks to conduct cyber espionage and hacking operations against adversaries like the United States, according to a digital threat report released Tuesday by Microsoft.

The increasing collaboration between authoritarian governments and criminal hackers has worried national security officials and cybersecurity experts, who say it reflects the increasingly blurring lines between Beijing- or Kremlin-led moves to undermine rivals and the illegal activities of groups more typically focused on financial gain.

In one example, Microsoft analysts found that a criminal hacking group with ties to Iran infiltrated an Israeli dating website and then attempted to sell or ransom the obtained personal information. Microsoft concluded that the hackers had two motives: to embarrass the Israelis and to make money.

In another case, investigators identified a Russian criminal network that infiltrated more than 50 Ukrainian military electronic devices in June, apparently seeking access and information that could support Russia’s invasion of Ukraine. There was no apparent financial motive for the group, other than a payment it may have received from Russia.

For countries like Russia, China, Iran and North Korea, which has its own ties to hacking groups, working with cybercriminals is a marriage of convenience with benefits for both sides. Governments can increase the scope and effectiveness of cyber activities at no additional cost. For criminals, it offers new opportunities for profit and the promise of state protection.

“We’re seeing this trend in each of these countries of combining nation-state and cybercriminal activity,” said Tom Burt, Microsoft’s vice president of customer security and trust.

So far there is no evidence that Russia, China or Iran share resources with each other or work with the same criminal networks, Burt said. But he said the increasing use of private cyber “mercenaries” shows how far America’s adversaries will go to weaponize the Internet.

Microsoft’s report analyzed cyber threats between July 2023 and June 2024 and examined how criminals and foreign nations used hacking, spear-phishing, malware and other techniques to gain access and control over a target’s system. According to the company, its customers face more than 600 million such incidents every day.

Russia focused much of its cyber operations on Ukraine, attempting to penetrate military and government systems and spread disinformation to undermine support for the war among its allies.

Ukraine has responded with its own cyberattacks, including one last week that knocked some Russian state media offline.

Networks linked to Russia, China and Iran have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the 2024 election. Microsoft analysts echo the assessment of U.S. intelligence officials who say Russia is targeting Vice President Kamala Harris’ campaign while Iran is working against former President Donald Trump.

Iran also hacked into Trump’s campaign and tried unsuccessfully to interest Democrats in the material. Federal officials have also accused Iran of secretly supporting American protests against the war in Gaza.

Russia and Iran are likely to accelerate the pace of their cyber operations against the U.S. as Election Day approaches, Burt said.

China, meanwhile, has largely stayed out of the presidential race, focusing its disinformation on down-ballot contests for Congress or state and local offices. Microsoft noted that Beijing-linked networks continue to target Taiwan and other countries in the region.

In response, a spokesman for the Chinese Embassy in Washington said claims that China was collaborating with cybercriminals were baseless and accused the U.S. of spreading its own “disinformation about the so-called Chinese hacking threats.”

In a statement, spokesman Liu Pengyu said: “Our position is consistent and clear. China firmly opposes and combats cyber attacks and cyber theft in all forms.”

Russia and Iran have also denied allegations that they are using cyber operations against Americans. Messages left for representatives of those three nations and North Korea were not immediately returned Monday.

Efforts to disrupt foreign disinformation and cyber capabilities have increased with the threat, but the anonymous, porous nature of the internet sometimes undermines the effectiveness of the response.

Federal authorities recently announced plans to seize hundreds of website domains that Russia is using to spread election disinformation and support hacking attacks on former U.S. military and intelligence personnel. But investigators at the Atlantic Council’s Digital Forensic Research Lab found that websites seized by the government can be easily and quickly replaced.

For example, within a day of the Justice Department seizing several domains in September, researchers discovered 12 new websites created in their place. A month later, operations continued.

David Klepper reports for The Associated Press.
