Accessibility links

Breaking News

Iran

FILE - A smartphone with the word "Cyberattack" and binary codes over it is placed on a computer motherboard in this illustration taken Feb. 23, 2023. A Microsoft report published on Oct. 15, 2024, says Russia, China and Iran are using criminal networks in their spying efforts.
FILE - A smartphone with the word "Cyberattack" and binary codes over it is placed on a computer motherboard in this illustration taken Feb. 23, 2023. A Microsoft report published on Oct. 15, 2024, says Russia, China and Iran are using criminal networks in their spying efforts.

Russia, China and Iran are increasingly relying on criminal networks to lead cyberespionage and hacking operations against adversaries such as the United States, according to a report on digital threats published Tuesday by Microsoft.

The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts. They say it represents the increasingly blurred lines between actions directed by Beijing or the Kremlin aimed at undermining rivals and the illicit activities of groups typically more interested in financial gain.

In one example, Microsoft's analysts found that a criminal hacking group with links to Iran infiltrated an Israeli dating site and then tried to sell or ransom the personal information it obtained. Microsoft concluded the hackers had two motives: to embarrass Israelis and make money.

In another, investigators identified a Russian criminal network that infiltrated more than 50 electronic devices used by the Ukrainian military in June, apparently seeking access and information that could aid Russia's invasion of Ukraine. There was no obvious financial motive for the group, aside from any payment they may have received from Russia.

Marriage of convenience

For nations such as Russia, China, Iran and North Korea, teaming up with cybercriminals offers a marriage of convenience with benefits for both sides. Governments can boost the volume and effectiveness of cyber activities without added cost. For the criminals, it offers new avenues for profit and the promise of government protection.

"We're seeing in each of these countries this trend toward combining nation-state and cybercriminal activities," said Tom Burt, Microsoft's vice president of customer security and trust.

So far there is no evidence suggesting that Russia, China and Iran are sharing resources with each other or working with the same criminal networks, Burt said. But he said the growing use of private cyber "mercenaries" shows how far America's adversaries will go to weaponize the internet.

Microsoft's report analyzed cyber threats between July 2023 and June 2024, looking at how criminals and foreign nations use hacking, spear phishing, malware and other techniques to gain access and control over a target's system. The company says its customers face more than 600 million such incidents every day.

Russia focused much of its cyber operations on Ukraine, trying to enter military and government systems and spreading disinformation designed to undermine support for the war among its allies.

Ukraine has responded with its own cyber efforts, including one last week that knocked some Russian state media outlets offline.

US elections targeted

Networks tied to Russia, China and Iran have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the 2024 election. Analysts at Microsoft agree with the assessment of U.S. intelligence officials who say Russia is targeting the campaign of Vice President Kamala Harris, while Iran is working to oppose former President Donald Trump.

Iran has also hacked into Trump's campaign and sought, unsuccessfully, to interest Democrats in the material. Federal officials have also accused Iran of covertly supporting American protests over the war in Gaza.

Russia and Iran will likely accelerate the pace of their cyber operations targeting the U.S. as election day approaches, Burt said.

China, meanwhile, has largely stayed out of the presidential race, focusing its disinformation on down-ballot races for Congress or state and local office. Microsoft found networks tied to Beijing also continue to target Taiwan and other countries in the region.

Denials from all parties

In response, a spokesperson for the Chinese Embassy in Washington said allegations that China partners with cybercriminals are groundless and accused the U.S. of spreading its own "disinformation about the so-called Chinese hacking threats."

In a statement, spokesperson Liu Pengyu said that "our position is consistent and clear. China firmly opposes and combats cyberattacks and cybertheft in all forms."

Russia and Iran have also rejected accusations that they're using cyber operations to target Americans. Messages left with representatives of those three nations and North Korea were not returned Monday.

Efforts to disrupt foreign disinformation and cyber capabilities have escalated along with the threat, but the anonymous, porous nature of the internet sometimes undercuts the effectiveness of the response.

Federal authorities recently announced plans to seize hundreds of website domains used by Russia to spread election disinformation and to support efforts to hack former U.S. military and intelligence figures. But investigators at the Atlantic Council's Digital Forensic Research Lab found that sites seized by the government can easily and quickly be replaced.

Within one day of the Department of Justice seizing several domains in September, for example, researchers spotted 12 new websites created to take their place. One month later, they continue to operate.

FILE - A missile is launched during a drill in southern Iran, in this photo released by the Iranian army's website on Jan. 19, 2024.
FILE - A missile is launched during a drill in southern Iran, in this photo released by the Iranian army's website on Jan. 19, 2024.

Iran's foreign ministry summoned Hungary's ambassador on Tuesday to protest against new European Union sanctions on Tehran, and denied Western allegations that it has transferred ballistic missiles to Russia, Iranian state media reported.

The EU agreed on Monday to impose sanctions on seven people and seven organizations, including airline Iran Air, for alleged links to Iranian transfers of ballistic missiles to Russia. Britain, which is not in the EU, also imposed new sanctions.

Hungary's ambassador was summoned because Budapest holds the 27-nation EU's rotating presidency.

"In addition to voicing the Islamic Republic's strong protest against the EU's recent decision, the meeting helped stress that resorting to illegal and coercive methods like sanctions against Iran is unacceptable and will lead nowhere," the official IRNA news agency said.

Britain added nine new designations under its Iran sanctions regime on Monday, after the United States said last month that Russia had received ballistic missiles from Iran for Moscow's war in Ukraine.

Denying the missile transfers, Iranian foreign ministry spokesperson Esmaeil Baghaei said on X: "Some European countries and the UK have unfortunately claimed without evidence that Iran has militarily intervened in this conflict which is totally refuted."

Baghaei said the imposition of new sanctions on Iranian individuals and entities went against international law.

A spokesperson for Iran's Civil Aviation Organization told IRNA that national airline Iran Air would cease flights to Europe as it was no longer able to receive the flight permits it needs. Iran Air is the only Iranian airline that has recently been flying to Europe, an official from the Association of Iranian Airlines told the Iranian Labour News Agency.

Saha Airlines, Mahan Air and Iranian Deputy Defense Minister Seyed Hamzeh Ghalandari are included in the latest sanctions.

Also facing EU sanctions are prominent officials from the Islamic Revolutionary Guard and the managing directors of Iran Aircraft Manufacturing Industries and Aerospace Industries Organization.

The sanctions include an asset freeze and a travel ban to the EU.

Load more

Special Report

XS
SM
MD
LG