Microsoft has recently noted an uptick in cyber and influence trends originating from China and North Korea since June 2023. These trends reveal that nation-state threat groups are intensifying their efforts towards familiar targets by employing more advanced influence techniques to achieve their objectives. It is imperative for security teams to stay informed about these developments in order to safeguard their organizations against the latest attack vectors and nation-state threats.

Chinese Influence Actors Enhance Techniques and Experiment with Novel Approaches

In the recent months, Chinese cyber actors have been concentrating their efforts on entities across the South Pacific islands, regional adversaries in the South China Sea, and the US defense industrial base. Concurrently, Chinese influence actors have been refining their utilization of AI-generated and AI-enhanced content while also delving into new media formats to sow discord within the US and exacerbate divisions in the Asia-Pacific region.

For instance, a report from September 2023 delved into the application of generative artificial intelligence by Chinese influence operation (IO) assets to produce visually engaging content, including AI-generated memes that targeted the US to amplify controversial domestic issues and criticize the Biden administration. One of the prominent Chinese threat actors utilizing AI content, Storm-1376, has been running IO campaigns across 175 websites in 58 different languages. These campaigns now feature AI-generated photos to deceive audiences, propagate conspiratorial content—especially aimed at the US government—and cater to new demographics with targeted content.

Notably, Storm-1376 spread a slew of conspiratorial social media posts last August alleging that the US government intentionally sparked fires on the island of Maui in Hawaii to test a military-grade “weather weapon.” Besides disseminating the text in over 31 languages across numerous platforms, Storm-1376 incorporated AI-generated images of burning coastal roads and residences to make the content more captivating. With the approach of the 2024 US election cycle, it is anticipated that China will persist in producing and amplifying AI-generated content directed at the American populace.

North Koreans Escalate Software Supply Chain Attacks and Crypto Heists

On the North Korean front, cyber threat actors managed to pilfer hundreds of millions of dollars in cryptocurrency, conducted software supply chain attacks, and targeted their perceived national security adversaries in 2023. These activities serve to generate revenue for the North Korean government, specifically its weapons program, and gather intelligence on the US, South Korea, and Japan. Reports suggest that North Korean cyber actors have absconded with a substantial amount of cryptocurrency, estimated at over $3 billion since 2017, with heists totaling between $600 million and $1 billion in 2023 alone.

One of the threat actors identified by Microsoft, known as Sapphire Sleet, carried out a series of small yet frequent cryptocurrency theft operations. This group devised novel methods such as dispatching fake virtual meeting invitations containing links to a malicious domain and establishing counterfeit job-recruiting websites. Sapphire Sleet typically targets executives and developers at cryptocurrency, venture capital, and financial organizations.

Additionally, North Korean threat actors executed software supply chain attacks on IT firms, enabling access to downstream customers. One group, identified as Jade Sleet, leveraged GitHub repos and weaponized npm packages in a social engineering spear-phishing campaign directed at employees of cryptocurrency and technology organizations. Another group, Onyx Sleet, exploited the TeamCity CVE-2023-42793 vulnerability to orchestrate a remote code execution attack and gain administrative control of servers, thereby conducting software supply chain attacks on multiple victims.

With North Korea adopting new government policies and embarking on ambitious weapons testing initiatives, it is anticipated that there will be a surge in sophisticated cryptocurrency heists and supply chain attacks targeting the defense sector. Security teams within the defense and related industries must maintain a high level of vigilance against these evolving threats to safeguard their assets and data.

In conclusion, the evolving landscape of cyber and influence trends emanating from China and North Korea necessitates a proactive and informed approach from security teams worldwide to mitigate the risks posed by nation-state threat actors. By staying abreast of the latest developments and implementing robust security measures, organizations can bolster their defenses against sophisticated cyber threats and emerging influence tactics.

Source link