Faking a political endorsement in Taiwan ahead of its crucial January election, sharing memes to amplify outrage over Japan’s disposal of nuclear wastewater, and spreading conspiracy theories that claim the U.S. government was behind Hawaii’s wildfire and Kentucky’s train derailment last year. These are just some of the ways that China’s influence operations have ramped up their use of artificial intelligence to sow disinformation and stoke discord worldwide over the last seven months, according to a new report released Friday by Microsoft Threat Intelligence.
Microsoft has observed notable trends from state-backed actors, the report said, “that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals.” In particular, Chinese influence actors “experimented with new media” and “continued to refine AI-generated or AI-enhanced content.”
Among the operations highlighted in the report was a “a notable uptick in content featuring Taiwanese political figures ahead of the January 13 presidential and legislative elections.” This included an AI-generated audio recording, posted by a Chinese Communist Party (CCP)-linked group known as Storm-1376 or “Spamouflage,” that made it falsely appear like Foxconn owner Terry Gou, who had mounted a short-lived independent presidential campaign, had endorsed another candidate, when he in fact did not. Microsoft also recorded the dissemination of AI-generated news anchors as well as AI-generated memes to mislead audiences and influence Taiwan’s elections.
“This was the first time that Microsoft Threat Intelligence has witnessed a nation state actor using AI content in attempts to influence a foreign election,” the report said, warning that “as populations in India, South Korea, and the United States head to the polls, we are likely to see Chinese cyber and influence actors, and to some extent North Korean cyber actors, work toward targeting these elections.”
China’s influence operations observed by Microsoft extended beyond Taiwan during the last several months, too. Last August, Storm-1376 launched a multilingual “large-scale, aggressive messaging campaign,” including through AI-generated memes, to amplify Chinese propaganda and stoke international public anger—especially —over Japan’s disposal of from Fukushima last year.
Microsoft also pointed to multiple instances of Storm-1376 spreading conspiratorial narratives “ultimately encouraging mistrust of and disillusionment with the U.S. government.” After the that ripped through Maui last August, Storm-1376 posted on “dozens of websites and platforms” that the fires were caused by the U.S. military testing a “weather weapon,” accompanied with AI-generated photos of flames raging along roads and buildings “to make the content more eye-catching,” the Microsoft report said. And in the days after a in November, a social media campaign by Storm-1376 urged audiences to consider that it was orchestrated by the U.S. government, which it said was “deliberately hiding something.” Microsoft said the disinformation campaign likened the derailment to 9/11 and Pearl Harbor cover-up theories.
In addition, Microsoft highlighted U.S.-election focused influence operations through “sockpuppet” accounts posing as Americans and “sometimes enhanced through generative AI.” The Microsoft Threat Analysis Center had previously that social media accounts very likely affiliated with the CCP impersonated U.S. voters to influence the 2022 midterm elections. “This activity has continued and these accounts nearly exclusively post about divisive U.S. domestic issues such as global warming, U.S. border policies, drug use, immigration, and racial tensions,” the center on Friday, adding that the campaign has adopted an increasing focus on asking questions and seeking perspectives—what amounts to “effectively, polling questions” about contentious topics in the U.S.—indicating “a deliberate effort to understand better which U.S. voter demographic supports what issue or position and which topics are the most divisive.”
Despite the growing sophistication involved in these influence operations, however, there remains little evidence that they have been successful in changing public opinion, Microsoft notes.
“While the impact of such content in swaying audiences remains low,” said the Microsoft report, “China’s increasing experimentation in augmenting memes, videos, and audio will continue—and may prove effective down the line.”
Additional cyber threats
Besides influence operations, Chinese cyber actors have also infiltrated important networks used by its adversaries. Last year, it compromised telecommunication entities in the South China Sea around the time of U.S. military drills, including in Indonesia, Malaysia, the Philippines, Cambodia, and Taiwan. China has been embroiled in maritime territorial disputes in the region with Southeast Asian states, which have long for strategic defense support.
FBI director Christopher Wray a congressional committee in January about Chinese hackers targeting critical U.S. infrastructure such as water treatment plants, electric grids, energy pipelines, and transportation. In February, the Cybersecurity and Infrastructure Security Agency that several of such critical infrastructure were confirmed to have been compromised by Chinese state-sponsored cyber group , whose operations Microsoft also outlined in its latest report.
North Korea was also documented in the Microsoft report, as continuing to and looking to AI tools to enhance its cyber operations. It was also found to have continued targeting aerospace and defense organizations in the U.S. and South Korea, as well as diplomats, government officials, and think tank experts—in what Microsoft assesses as “intelligence collection.”
Microsoft has been embattled by criticisms from U.S. lawmakers over its and failure to fend off Chinese threats. This week, a federal report Microsoft for its “inadequate” security culture, claiming that a “cascade of avoidable errors” by the company allowed Chinese cyber actors to access senior U.S. officials’ emails accounts, which were hosted by Microsoft Exchange Online.
In response, Microsoft said that the hackers were “well-resourced nation state threat actors who operate continuously and without meaningful deterrence” but vowed to “adopt a new culture of engineering security in our own networks.”