Chinese state-affiliated hacking groups are becoming more adept at using artificial intelligence to generate content designed to “go viral across social networks in the U.S. and other democracies,” researchers with the Microsoft Threat Intelligence Center said Thursday.
“We have observed China-affiliated actors leveraging AI-generated visual media in a broad campaign that largely focuses on politically divisive topics, such as gun violence, and denigrating U.S. political figures and symbols,” the researchers said. The visuals generated during the campaigns are more “eye-catching than the awkward visuals” previously deployed in Chinese operations, the researchers noted in a report and blog post published Thursday morning.
The activity is part of Chinese information operations’ increasing success at engaging target audiences around the world, which includes “China’s state-affiliated multilingual social media influencer initiative” that has “successfully engaged target audiences in at least 40 languages and grown its audience to over 103 million,” the researchers said in the report. Chinese state-sponsored propaganda is pushed by a network of more than 230 “state media employees and affiliates who masquerade as independent social media influencers across all major Western social media platforms,” the researchers said.
Part of this activity includes social media personas operated by real people that employ fictitious or stolen identities that conceal connections with the Chinese government and share artificially-generated content. “This relatively high-quality visual content has already drawn higher levels of engagement from authentic social media users,” the researchers said.
“China has continued to expand its cyber capabilities in recent years and shown much more ambition in its IO campaigns,” the researchers concluded. “We can expect wider cyber espionage against both opponents and supporters of the CCP’s geopolitical objectives on every continent. While China-based threat groups continue to develop and utilize impressive cyber capabilities, we have not observed China combine cyber and influence operations—unlike Iran and Russia, which engage in hack-and-leak campaigns.”
Simultaneously, Chinese-related cyberespionage operations continue apace, including the operation revealed in May where hackers used stolen Microsoft authentication keys to steal U.S. cabinet officials’ emails ahead of strategic diplomatic meetings between U.S. and Chinese officials. Microsoft said in a separate blog post Wednesday that the Chinese hacking group in that case, tracked as Storm-0558, compromised a Microsoft engineer’s corporate account in April 2021 to gain access to the keys.
Microsoft also revealed in May that Chinese-linked hacking operations targeted critical infrastructure entities in the U.S. and Guam possibly as part of efforts to lay the groundwork for disrupting communications between the U.S. and Asia in the event of a crisis. That operation was linked to a group tracked as Volt Typhoon, but at least two other distinct Chinese-linked hacking groups continue to target the U.S. defense industrial base broadly, according to the report.
China has displayed a “particular focus on the South China Sea region,” the researchers said in Thursday’s report, in activity that “signals attempts to gain competitive advantages for China’s foreign relations and strategic military aims.”
A group Microsoft tracks as Raspberry Typhoon is the primary Chinese-linked effort in the region, with a particular focus on Taiwan, but also Vietnam, the Philippines, Singapore, Malaysia, Brunei and Indonesia. The group “consistently targets government ministries, military entities, and corporate entities connected to critical infrastructure, particularly telecoms,” and has been “particularly persistent” since January 2023.