Chinese and North Korean actors are “likely” to work towards targeting upcoming elections in the United States, India and South Korea, a new report from Microsoft is warning.
The Microsoft Threat Analysis Center (MTAC), the computing giant’s security research group, warns the two countries’ cyber and influence abilities are growing.
“China will, at a minimum, create and amplify AI-generated content that benefits their positions in these high-profile elections,” the report states, while claiming North Korea is poised to engage in “increasingly sophisticated cryptocurrency heists and supply chain attacks at the defence sector” to fund its regime and develop new military capabilities.
The report highlights the growing effectiveness and scope of influence operations by groups allegedly connected to China against rivals and allies in the Asia-Pacific region and the United States.
The groups’ campaigns include artificial intelligence-generated photos “to mislead audiences, stoking conspiratorial content – particularly against the U.S. government,” according to the document.
“Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region—including Taiwan, Japan, and South Korea.”
“It’s easy to attack, but it’s always harder to defend,” said Kwasi Boakye-Boateng, a postdoctoral fellow with the Canadian Institute for Cybersecurity at the University of New Brunswick.
“Cyber defence is trailing behind.”
These days, he says all people need to do to spread such content is “put it on any social media platform and then it’ll quickly spread like wildfire. You just need to make sure that the information is catchy enough.”
The document also references a Canadian report about AI videos falsely showing Chinese dissidents in Canada criticizing the Canadian government.
Microsoft’s report states “sockpuppet” social media accounts, which impersonate U.S. voters by posing as Americans from across the political spectrum, post politically motivated infographics or videos and often ask followers if they agree with a specific topic.
“This tactic may be for the purpose of seeking further engagement,” the Microsoft report states, or to gain intelligence around key voting demographics.
Philip Ingram, a former senior British military intelligence officer, described China as “a major player in the cyber world.”
“Data is the big thing, as is intellectual property. Anything that will give China, an economic advantage, whether that be through understanding policy or manipulating policy or getting intellectual property so that they don’t have to spend billions of dollars developing something,” he said.
State-affiliated groups or others not directly linked to the state are often operating with governments like China and Russia turning ” a blind eye to them,” he added.
The most prolific group connected to the Chinese Communist Party that uses AI content is “Storm-1376,” also known as “Spamouflage” or “Dragonbridge,” “whose influence operations span over 175 websites and 58 languages.”
MTAC alleges Storm-1376 posted AI-generated clips that falsely showed a candidate in Taiwan’s presidential election endorsing another candidate during the country’s election last year.
Storm-1376 also posted videos with AI-generated news anchors, created using software from ByteDance, the Chinese company that owns TikTok, to create videos that falsely claim, for example, that one candidate, who ended up winning the election had mistresses and illegitimate children.
China claims ownership over the independent country of Taiwan.
Storm-1376 also “seized upon the chance to spread conspiratorial narratives,” according to the report.
The group amplified narratives on social media that falsely alleged the U.S. government started the deadly 2023 Hawaii wildfires (when power lines caused it).
MTAC writes that Storm-1376 also launched a large and aggressive campaign criticizing the Japanese government after Tokyo began releasing radioactive wastewater into the Pacific Ocean, claiming the water was unsafe (though the International Atomic Energy Agency and experts say it is).
The group also spread anti-U.S. government conspiracy theories and highlighted voter division after a train derailed in Kentucky in November 2023, according to Microsoft. (The Associated Press reported a failed wheel bearing caused it).
Another group called Storm-0062 focused on compromising U.S. defence-related government entities, the report states, including contractors tied to aerospace and natural resources critical to American national security.
“Additionally, Storm-0062 repeatedly targeted military entities in the United States; however, it is unclear whether the group was successful in its attempted compromises.”
The report claims the impact from Chinese government-affiliated groups to sway people remains low but it could prove effective in the future.
And it delves into North Korean cyber activities, stating North Korean cyber threat actors “stole hundreds of millions of dollars in cryptocurrency” which generated money for the country’s weapons program.
Microsoft alleges North Korean hackers stole nearly $50 million from an Estonia-based cryptocurrency firm in June 2023 and $170 million from a Singapore-based cryptocurrency platform in July of that year.
Another Pyongyang-linked group compromised “hundreds of victims in various industries in the United States and European countries including the United Kingdom, Denmark, Ireland, and Germany.”
– with files from Global News’ David Akin and Eric Stober and The Associated Press