Russia, China, North Korea, Iran recruiting cybercriminals: Microsoft report

WASHINGTON, UNITED STATES — Russia, China, North Korea, and Iran are intensifying their recruitment of cybercriminals to steal money, gather intelligence, and influence elections.
Microsoft’s recent threat report, which highlights this trend, found that these hackers are not just stealing data.
“They are launching ransomware, prepositioning backdoors for future destruction, sabotaging operations, and conducting influence campaigns,” said Tom Burt, Microsoft’s Corporate Vice President of Customer Security.
Government and cybercriminal convergence
The report highlights a growing collaboration between nation-states and cybercriminals. Countries such as Russia, China, North Korea, and Iran are increasingly using financially motivated hackers as “force multipliers” to bolster their cyber capabilities.
- Russia: Russian threat actors are heavily involved in cyber operations that include espionage and influence campaigns. They use cybercriminal tools and tactics to support state objectives, often targeting sectors such as government, IT, and think tanks.
- China: Chinese cyber activities focus on intelligence collection, particularly in the Asia-Pacific region. Chinese threat actors target military and IT entities around the South China Sea, employing sophisticated techniques to gather intelligence.
- North Korea: Known for its financially motivated cyber operations, North Korea has been involved in significant cryptocurrency thefts. The country uses cybercrime to fund state initiatives, including its missile programs.
- Iran: Iranian cyber activities have increasingly focused on financial gain alongside traditional espionage. Iranian actors have targeted sectors like education and government for intelligence collection and have been involved in influence operations against geopolitical adversaries.
Microsoft noted a trend where nation-states collaborate with or imitate cybercriminals to meet their goals. This convergence allows states to exploit cybercriminal expertise while maintaining plausible deniability.
For example, North Korean hackers have reportedly stolen over $3 billion in cryptocurrency since 2017, blurring the lines between state-sponsored actions and pure cybercrime.
AI’s role in cybersecurity challenges
The use of generative artificial intelligence tools has further complicated the cybersecurity landscape, enabling more effective influence operations and attacks.
This evolving threat demands stronger international cooperation and enhanced cybersecurity measures to protect critical infrastructure and uphold democratic processes.
Sri Lanka’s major cybercrime bust
Amid these rising threats, Sri Lankan authorities arrested over 230 Chinese nationals involved in cybercrime operations targeting international banks. The raids resulted in the seizure of 250 computers and 500 mobile phones used in the scams.
Sri Lanka’s Foreign Minister Vijitha Herath stated that the suspects primarily targeted foreign banks and financial institutions.
China’s embassy in Colombo confirmed the arrests and mentioned that a working group was dispatched to collaborate with Sri Lankan police.
The embassy suggested that China’s domestic crackdown on cybercriminals might have driven some to seek opportunities abroad. It further emphasized China’s commitment to strengthening law enforcement cooperation with Sri Lanka.