China is using fake social media accounts to poll voters on what divides them most in order to sow division and possibly influence the outcome of the US presidential election in its favor. China has also increased its use of AI-generated content to further its goals around the world. North Korea has increased cryptocurrency thefts and supply chain attacks to finance and promote its military objectives and intelligence gathering. It has also started using AI to make its operations more effective and efficient.
These are among the Microsoft Threat Intelligence insights contained in the latest East Asia report released today by the Microsoft Threat Analysis Center (MTAC): Same targets, new playbooks: East Asian threat actors employ unique methods.
Three key conclusions emerge from the report:
- Deceptive social media accounts from actors affiliated with the Chinese Communist Party (CCP) have begun asking contentious questions on controversial domestic issues in the United States in order to better understand key issues dividing American voters. This could include gathering intelligence and details on key voter demographics ahead of the US presidential election.
- There has been increased use of Chinese AI-generated content in recent months, attempting to influence and sow division in the United States and elsewhere on a range of topics, including: the Kentucky train derailment in November 2023, the Maui wildfires in August 2023, the disposal of Japanese nuclear wastewater, drug use in the United States as well as immigration policies and racial tensions in the country. There is little evidence that these efforts have succeeded in swaying opinion.
- China’s geopolitical priorities remain unchanged, but it has doubled down on targets and increased the sophistication of its influence operations (IO) attacks. These priorities are:
- The South Pacific Islands
- The South China Sea region
- The American defense industrial base
Inauthentic Chinese social media accounts try to learn more about what divides American voters
MTAC previously reported in September 2023 how CCP-affiliated social media accounts began impersonating American voters in an attempt to influence the 2022 U.S. midterm elections. This activity has continued, and these accounts post almost exclusively on controversial domestic issues in the United States, such as global warming, US border policy, drug use, immigration and racial tensions. They use original videos, memes, and infographics as well as recycled content from other top political accounts. In recent months, the number of survey questions has increased. This indicates a deliberate effort to better understand which demographic of US voters supports which issue or position and which topics are most controversial, ahead of the main phase of the US presidential election.
China is using more AI in its influence campaigns
Chinese IO in the United States has continued to opportunistically seize on events that could serve China's strategic interests, such as portraying the United States in an unfavorable light. These operations, attributed to Storm-1376, included:
- Urging the public to question whether the derailment of a train carrying molten sulfur in Kentucky in November 2023 was deliberately caused by the U.S. government and whether it is “deliberately hiding something.” Some posts even compared the derailment to the 9/11 and Pearl Harbor cover-up theories.
- Accusing the United States of deliberately poisoning other countries’ water supplies to maintain “water hegemony.” This was part of a broader multilingual campaign, primarily focused on Japan and its government’s decision to discharge its treated radioactive wastewater into the Pacific Ocean. Storm-1376 attempted to cast doubt on the International Atomic Energy Agency’s (IAEA) scientific assessment that the disposal was safe.
Taiwan’s January 2024 presidential election saw an increase in the use of AI-generated content to bolster IO operations by CCP-affiliated actors. This was the first time Microsoft Threat Intelligence saw a state actor use AI content to try to influence a foreign election.
The group we call Storm-1376, also known as Spamouflage and Dragonbridge, has been the most prolific. For example, on Election Day, it released alleged fake AI-generated audio of Foxconn owner and election candidate Terry Gou (who had withdrawn from the race in November 2023) supporting another candidate in the presidential race. Gou had not made such a statement. YouTube quickly removed this content before it reached a wider audience.
Storm-1376 promoted a series of AI-generated memes of Taiwan’s Democratic Progressive Party (DPP) presidential candidate William Lai and other Taiwanese officials as well as Chinese dissidents around the world. These include an increasing use of AI-generated news anchors deployed by Storm-1376 since at least February 2023.
North Korean cyber operations
North Korea has continued to prioritize the theft of cryptocurrency funds, carrying out attacks on the software supply chain and targeting its perceived national security adversaries. This is expected to generate revenue, primarily for its weapons program, in addition to intelligence collection on the United States, South Korea and Japan.
The United Nations estimates that North Korean cyber actors have stolen more than $3 billion in cryptocurrency since 2017. Heists totaling between $600 million and $1 billion have taken place in 2023 alone.
Our report documents multiple cases of cryptocurrency heists, spear phishing, and software supply chain attacks, as well as efforts to undermine the trilateral alliance between the United States, Japan, and South Korea.
Notably, Microsoft and OpenAI observed the North Korean actor we call Emerald Sleet using tools powered by AI large language models (LLMs) to make its operations more effective and efficient. Microsoft has partnered with OpenAI to disable accounts and assets associated with Emerald Sleet.
Looking ahead
With major elections taking place this year around the world, including in India, South Korea and the United States, we believe that China will, at a minimum, create and amplify AI-generated content to benefit its interests. Even though the chances of such content affecting election results remain low, China’s growing experiments with augmenting memes, videos and audio will likely continue – and could prove more effective in the long term. We can expect North Korea to continue stealing cryptocurrencies to finance its space, missile, and nuclear programs, as well as to launch attacks on the defense sector supply chain.