Microsoft: Sharp Increase in AI-Aided Cyberattacks From Russia, China
A man holds a laptop computer as cyber code is projected on him in this illustration produced on May 13, 2017. (Kacper Pempel/Illustration/Reuters)
By Lily Zhou
10/19/2025 | Updated: 10/19/2025

Foreign adversaries are increasingly using artificial intelligence (AI) in their cyber influence campaigns, with operations picking up “aggressively” this year, Microsoft said on Oct. 16.

In July, Microsoft identified more than 200 instances of AI-generated content from nation-state adversaries, more than four times the number in July 2024, and more than 10 times the number in July 2023, the company’s annual Digital Defense Report shows.

AI can create increasingly convincing emails and generate digital clones of senior government officials or news anchors, according to the report. The sophistication of AI tools has made the operations “easier to scale, more effective, and harder to trace,” and it is becoming increasingly difficult to differentiate state- and non-state actors, the report stated.

For scammers, AI is making it easier to quickly create more convincing websites, profiles, emails, and IDs, the report said. Microsoft said it blocked 1.6 million fake account creation attempts per hour on the company’s platforms.

“Everyone—from industry to government—must be proactive to keep pace with increasingly sophisticated attackers and to ensure that defenders keep ahead of adversaries,” said Amy Hogan-Burney, Microsoft’s vice president for customer security and trust, who oversaw the report.

US Top Target


Of the cyberattacks Microsoft identified in the first half of this year, 24.8 percent impacted the United States, while 5.6 percent impacted the UK, the second top target.

The United States was also the top target of nation-state threat actors, including China, Russia, Iran, and North Korea.

In the 12-month period through June, Microsoft identified 623 state-backed operations against the United States. Other key targets included Israel, Ukraine, the United Arab Emirates, the UK, and Taiwan.

“The breadth and scale of Chinese targeting operations continue to stand out from other nation-state actors,” the report reads, adding that China’s espionage campaigns targeted the United States, Asia, North Africa, and Latin America to gain economic competitive advantage.

Russia and Iran have expanded their targeting beyond war opponents and historical foes. Microsoft identified an increasing number of Russian attacks targeting NATO countries and small businesses in countries supporting Ukraine, while Iran attacked shipping and logistics firms, possibly seeking to interfere with commercial shipping operations, Hogan-Burney said.

North Korea was found to have deployed thousands of state-affiliated remote IT workers to apply for jobs with foreign companies to increase revenue for the regime, and turned to extortion when their identities were discovered, she said.

Use of Insiders


Foreign adversaries are also increasingly using non-state actors to conduct insider operations, both by recruiting insiders and by stealing insiders’ passwords.

According to the report, China and Russia have both used academic or professional affiliations to target sectors with both economic and military value, including AI, quantum technologies, biotechnology, and defense.

Hogan-Burney said that rather than “breaking in,” adversaries are “signing in.”

In the 12-month period through June, password attacks constituted more than 97 percent of the identity attacks that Microsoft identified, with the total volume increasing by nearly a third in the first half of this year.

Lily Zhou is an Ireland-based reporter covering China news for The Epoch Times.

©2023-2025 California Insider All Rights Reserved. California Insider is a part of Epoch Media Group.