A new report from Microsoft has revealed that Russia, China, and Iran are increasingly working with criminal hackers to ramp up their cyberespionage efforts against countries like the United States.
This growing alliance between authoritarian governments and cybercriminal networks raises alarms among national security officials and cybersecurity experts, who warn that it blurs the lines between state-backed operations and traditional hacking activities motivated by financial gain.
Collaborative cyber operations
In one striking example, Microsoft’s analysts uncovered how a hacking group linked to Iran breached an Israeli dating site, aiming to both embarrass users and extort money through ransom demands. Meanwhile, another investigation found a Russian cybercriminal group infiltrating over 50 electronic devices used by the Ukrainian military, seemingly in support of Russia’s invasion of Ukraine, with no apparent financial motive beyond possible compensation from Russian authorities.
For these nations, teaming up with hackers offers mutual benefits. Governments can expand their cyber capabilities without significant additional cost, while criminal hackers gain new avenues for profit and the added security of state protection. Though there is no evidence that Russia, China, and Iran are coordinating with one another or using the same networks, the growing involvement of cyber “mercenaries” signals how far these countries are willing to go to weaponize the internet.
Targeting US elections
The report also highlights how foreign networks tied to Russia, China, and Iran are focusing their efforts on the upcoming US elections. Russia has been actively spreading misinformation about Vice President Kamala Harris’s campaign, while Iran is working against former President Donald Trump’s campaign.
There have even been attempts by Iranian hackers to infiltrate Trump’s campaign and share the information with Democrats, though these efforts reportedly gained little traction.
Microsoft’s findings suggest these cyber operations will intensify as election day approaches. Although China has kept its distance from the presidential race, it has focused on influencing down-ballot contests and continues to target Taiwan and other regional rivals. A Chinese embassy spokesperson in Washington dismissed the allegations, calling them baseless and accusing the US of spreading misinformation.
Challenges in countering cyber threats
Efforts to counter foreign cyber operations remain challenging due to the ease with which hackers can evade takedowns. Federal authorities recently seized hundreds of Russian domains linked to disinformation campaigns and hacking attempts targeting US military and intelligence personnel.
However, the Atlantic Council’s Digital Forensic Research Lab found that many of these domains were swiftly replaced—within a day, 12 new websites emerged to replace those taken offline. One month later, these replacement sites are still active.
The porous nature of the internet makes mounting lasting countermeasures difficult. Therefore, the US and its allies must adopt more dynamic strategies to keep up with these persistent and evolving cyber threats. As the election draws closer, experts expect Russia and Iran to intensify their digital operations, further complicating efforts to safeguard critical systems and the democratic process.