Threat actors affiliated with China are intensifying the use of AI to influence and sow division in the United States and other countries, according to a new report from the Microsoft Threat Analysis Center (MTAC).
Researchers have highlighted how actors affiliated with the Chinese Communist Party (CCP) are posting AI-generated content on social media to amplify controversial domestic issues and criticize the current administration in the United States.
For example, the Storm-1376 group, which specializes in influence operations, spread conspiratorial narratives about the August 2023 Hawaii wildfires across multiple social media platforms.
These articles alleged that the U.S. government deliberately set the fires to test a military-grade “weather weapon.” Storm 1376 used AI-generated images of coastal roads and burning residences to make the content more eye-catching and published the texts in at least 31 languages.
In another case, the group launched a social media campaign regarding a train derailment in Kentucky that occurred over the Thanksgiving holiday. These messages propagate the narrative that the U.S. government may have caused the derailment and is “deliberately hiding something.”
The influence campaigns of Storm 1376 also aimed to stir up discord in East Asian countries. This included the use of AI-generated memes and images criticizing the Japanese government after Japan began discharging treated radioactive wastewater into the Pacific Ocean in August 2023.
These messages were spread indiscriminately on social media platforms in numerous languages, including Japanese, Korean and English.
The report also highlights the growing use of AI-generated people in videos from China-affiliated actors. This included AI-generated news anchors created by third-party tech companies, using Chinese tech company ByteDance’s CapCut tool.
These AI-generated presenters have appeared in various campaigns featuring Taiwanese officials in the lead-up to the January 2024 Taiwanese presidential election.
China tests US voters’ fault lines
MTAC has observed the increasing use of Chinese “puppets” posing as American voters on social media to solicit the opinions of American citizens on political topics.
Researchers believe this will likely help gather intelligence and details on key voter demographics ahead of the U.S. presidential election to inform campaigns aimed at influencing voters.
These accounts cover “almost exclusively” controversial domestic issues in the United States, such as drug use, immigration policies, and racial tensions.
Going forward, Microsoft expects Chinese cyberspace and influence actors to work to target a number of key elections taking place later this year, including in India, South Korea and in the United States, using AI to support their campaigns.
“Even if the impact of such content on public influence remains small, China’s growing experiments in augmenting memes, videos and audio will continue – and may prove effective eventually,” the researchers wrote.
North Korea continues to generate revenue from cyber operations
Another area covered by the report North Korea has used cyberattacks to generate revenue and gather intelligence on perceived adversaries like the United States, South Korea and Japan.
In November 2023, Recorded Future’s group Insikt estimated that North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017 as the government seeks to circumvent economic sanctions to finance its weapons program.
Microsoft said the three threat actors it tracks, Jade Sleet, Sapphire Sleet and Citrine Sleet, have been most focused on cryptocurrency targets since June 2023.
North Korean actors also heavily targeted the IT sector with spear phishing and software supply chain attacks during the period covered, from June 2023 to January 2024.
For example, the Diamond Sleet Group exploited the TeamCity CVE-2023-42793 vulnerability in October 2023 to compromise hundreds of victims across various industries in the United States and European countries like the United Kingdom, Denmark, Ireland and Germany.
Additionally, some North Korean cyber activities had a geopolitical objective, such as countering the trilateral alliance between the United States, South Korea, and Japan.
Groups like Ruby Sleet, Emerald Sleet and Pearl Sleet have frequently targeted organizations in sectors such as government, defense and media to gather intelligence on these countries, according to the report.
The researchers also highlighted how North Korean actors continue to experiment with large AI language models (LLMs) to make their operations more efficient.
For example, Microsoft and OpenAI observed an emerald sleet use LLMs to improve spear phishing campaigns targeting Korean Peninsula experts.