
Microsoft reports a rise in cybercriminals aiding Russia and China in their attacks on the US and its allies.

**Increasing Reliance on Criminal Networks by Russia, China, and Iran for Cyberattacks**

A recent report released by Microsoft reveals that Russia, China, and Iran are increasingly utilizing criminal organizations to carry out cyberespionage and hacking efforts against adversaries, particularly the United States. This troubling trend has raised concerns among national security officials and cybersecurity experts, who note the alarming merging of state-sponsored actions and the activities of criminal groups primarily motivated by financial gain.

The analysis highlights a notable incident in which an Iranian-affiliated hacking group breached an Israeli dating service and then attempted to sell the private data it obtained or use it for extortion. Microsoft determined that the hackers’ goals were twofold: to humiliate Israeli citizens while also seeking financial profit.

Another noteworthy example involved a Russian criminal network that breached more than 50 devices used by the Ukrainian military in June. The aim appears to have been to support Russia’s ongoing invasion of Ukraine by gathering intelligence, which indicates that financial incentives were not the primary motive for this operation, aside from potential compensation from Russia itself.

For authoritarian states such as Russia, China, Iran, and North Korea, which maintain connections with hacking collectives, collaborating with cybercriminals offers mutual benefits. These governments enhance the effectiveness and scale of their cyber operations without incurring extra costs, while criminals gain opportunities for profit and the assurance of governmental protection.

Tom Burt, Microsoft’s vice president for customer security and trust, explained that this growing trend towards blending nation-state and cybercriminal actions is evident across these countries. However, Burt added that there is no current evidence of collaboration between these nations or shared resources with the same criminal networks. Nonetheless, the use of private cyber “mercenaries” highlights the lengths to which adversarial nations will go to weaponize cyberspace.

The report examined cyber threats from July 2023 to June 2024, focusing on the tactics employed by criminals and foreign nations, such as hacking, spear phishing, and malware, to exploit a target’s systems. Microsoft reported that its customers encounter over 600 million of these incidents on a daily basis.

Russia has directed a significant portion of its cyber efforts at Ukraine, aiming to infiltrate military and governmental systems while disseminating disinformation intended to erode support for Ukraine among its allies. In retaliation, Ukraine has advanced its own cyber initiatives, including a recent operation that disrupted several Russian state media platforms.

Criminal networks linked to these nations have also targeted American voters through fake websites and social media, disseminating misleading information about the upcoming 2024 election. Microsoft’s analysts concur with U.S. intelligence assessments indicating that Russia is focusing on Vice President Kamala Harris’s campaign, while Iran aims to undermine former President Donald Trump.

Additionally, Iran has reportedly hacked into Trump’s campaign and attempted to lure Democrats with the stolen information, while federal authorities have accused Iran of covertly backing protests in the U.S. regarding the war in Gaza. As election day approaches, it is likely that Russia and Iran will ramp up their cyber activity targeting the U.S., according to Burt.

On the other hand, China has largely refrained from meddling in the presidential elections, choosing instead to focus on lower-level Congressional and local elections. Microsoft has identified networks associated with China continuing to target Taiwan and other regional nations.

In response to the allegations, a spokesperson for the Chinese embassy in Washington dismissed claims of collaboration with cybercriminals as unfounded, asserting that the United States is disseminating its own disinformation regarding purported Chinese hacking threats. Liu Pengyu stated that “China firmly opposes and combats cyber attacks and cyber theft in all forms.”

Both Russia and Iran have similarly denied engaging in cyber operations aimed at American interests. Attempts to disrupt foreign disinformation campaigns and cyber activities have intensified but often fall short due to the anonymous and fluid nature of the internet.

Federal authorities have recently outlined plans to seize numerous website domains used by Russian entities to spread electoral misinformation and to aid efforts to hack into the communications of former U.S. military and intelligence officials. However, investigators from the Atlantic Council’s Digital Forensic Research Lab discovered that sites taken down by government action can be rapidly replaced. For instance, within a day of the Justice Department seizing multiple domains in September, 12 new websites were identified as substitutes, which remain operational a month later.
