Technology

Russia, China collaborating with criminal networks in cyberattacks against adversaries: Microsoft 

Russia, China and Iran are increasingly collaborating with cybercrime networks to launch a variety of attacks against their adversaries, including the U.S., Microsoft said in a Tuesday report.

The attacks, ranging from ransomware to phishing, were carried out for “espionage, destruction or influence” and involved cybercrime gangs working with these nations to share hacking tools and tactics, Microsoft said in its new Digital Defense Report. Published Tuesday, the report looked at cyber threats from July 2023 through June.  

In one influence operation, an Islamic Revolutionary Guard Corps (IRGC) group used cyber personas starting last year to sell stolen Israeli dating website data, Microsoft found.  

And in another case, Russian threat actors used new malware and appeared to outsource some cyberespionage operations to criminal groups, the report stated. Last June, one operation compromised at least 50 Ukrainian military devices in an apparent attempt to access information for the Russian government. 

Microsoft said these cyberattacks also included attempts to influence the U.S. election ahead of November. Russia has continued various operations intended to undermine trust in democratic institutions, while Iran and China have escalated their influence campaigns in the past year. 


Iran, in one case, likely operated a network of websites posing as news outlets for U.S. voter groups to engage with, according to Microsoft. These websites featured “polarizing messages” on the U.S. presidential candidates, the Israel-Hamas war and LGBTQ rights. These sites used artificial intelligence tools to copy work from real publications in the U.S., the report said.  

The tech company pointed to China’s use of “covert social media networks,” to create discord and influence the presidential race. In one instance, an actor linked to the Chinese Communist Party carried out an influence campaign on social media amid the uptick in college campus protests related to the Israel-Hamas war.  

The actor allegedly had multiple accounts on Telegram pretending to be students or parents involved in the protests in a likely attempt to prompt conflict about the protests, Microsoft said.  

As for Russia, the country’s influence operations were at a “slower pace” than past elections, though attempts were still observed, Microsoft noted.  

“The convergence and parallel nature of nation-state operations throughout 2024 underscores just how persistent adversarial states are in their attempts to exert influence over US elections and outcomes,” the report stated. “Left unchecked, this poses a critical challenge to US national security and democratic resilience.” 

Lawmakers and tech leaders alike have repeatedly sounded the alarm over foreign election interference attempts, including Microsoft Vice Chair and President Brad Smith, who testified last month that there are “real and serious” threats of foreign actors trying to wield influence on the 2024 election.  

“We know that there is a presidential race between Donald Trump and Kamala Harris, but this has also become an election of Iran versus Trump and Russia versus Harris,” Smith said before a Senate Intelligence Committee hearing on foreign election interference last month.  

The Justice Department handed down an indictment last month accusing two RT employees of leading a covert influence campaign by partnering with conservative company Tenet Media to hire various right-wing influencers. The agency also seized more than 30 web domains used by Russia for covert campaigns. 

Days later, Meta — the parent company of Facebook and Instagram — announced it banned Russian state media from its social media platforms in the wake of the outlets’ “foreign interference activity.” 

Earlier this month, the DOJ seized dozens more web domains used by Russian intelligence agents and their proxies to steal Americans’ information.