The world of cyber threats is rapidly evolving, with nation-states like China and North Korea leveraging artificial intelligence (AI) to amplify their malicious operations. According to a recent report from the Microsoft Threat Analysis Center (MTAC), these countries are harnessing the power of AI to influence public opinion, sow discord, and generate revenue through cyber attacks.
China’s AI-Powered Influence Operations
Chinese threat actors affiliated with the Communist Party are ramping up the use of AI-generated content on social media platforms. Their primary objective is to amplify controversial domestic issues and criticize the current administration in the United States and other countries.
Stoking Discord and Spreading Disinformation
The report highlights the activities of the group Storm-1376, which specializes in influence operations. This group has been spreading conspiratorial narratives about major incidents, such as the Hawaii wildfires in August 2023 and the Kentucky train derailment during the Thanksgiving holiday. They used AI-generated images and memes to make their content more eye-catching and disseminated it across multiple platforms in various languages.
Furthermore, Storm-1376 aimed to stoke discord in East Asian countries by criticizing the Japanese government’s decision to release treated radioactive wastewater into the Pacific Ocean. AI-generated memes and images were utilized to amplify these messages across social media platforms in Japanese, Korean, and English.
AI-Generated News Anchors and Sockpuppets
The report also noted the growing use of AI-generated news anchors and sockpuppets by China-affiliated actors. These AI-generated anchors appeared in campaigns targeting Taiwanese officials in the lead-up to Taiwan’s Presidential election in January 2024.
Additionally, Chinese sockpuppets posing as US voters have been soliciting opinions on divisive domestic issues from American citizens. This tactic is believed to be a means of gathering intelligence and precision on key voting demographics ahead of the US Presidential election, to influence voters.
North Korea’s Cyber Operations for Revenue and Intelligence
The MTAC report also sheds light on North Korea’s cyber activities, which are primarily focused on generating revenue and collecting intelligence on perceived adversaries like the United States, South Korea, and Japan.
Cryptocurrency Heists and Software Supply Chain Attacks
North Korean hackers have stolen over $3 billion in cryptocurrency since 2017, according to Recorded Future’s Insikt Group. This is part of the government’s efforts to circumvent economic sanctions and fund its weapons program. Groups like Jade Sleet, Sapphire Sleet, and Citrine Sleet have been particularly active in targeting cryptocurrency targets since June 2023.
North Korean threat actors have also heavily targeted the IT sector with spear-phishing and software supply chain attacks. For instance, the group Diamond Sleet exploited the TeamCity CVE-2023-42793 vulnerability in October 2023 to compromise hundreds of victims in various industries across the US and European countries.
Geopolitical Intelligence Gathering and AI Experimentation
Some North Korean cyber activities have had a geopolitical objective, such as countering the trilateral alliance between the US, South Korea, and Japan. Groups like Ruby Sleet, Emerald Sleet, and Pearl Sleet have frequently targeted organizations in sectors like government, defense, and media to collect intelligence on these countries.
Moreover, North Korean actors are experimenting with AI large language models (LLMs) to enhance their operations. Microsoft and OpenAI observed Emerald Sleet utilizing LLMs to improve spear-phishing campaigns targeting Korean Peninsula experts.
As the use of AI in cyber threats continues to evolve, governments, organizations, and individuals must remain vigilant and implement robust cybersecurity measures to combat these advanced threats.
