New Microsoft report says China campaign accused U.S. of using a military-grade "weather weapon" to deliberately start the Maui wildfires

weather weapon Pro-Beijing hacker threat actor Storm-1376 posted videos in Mandarin and English alleging that the United States and India were responsible for unrest in Myanmar. The same AI-generated anchor is used in some of these videos appeared in a Taiwan-facing Storm-1376 campaign. (from Microsoft Threat Analysis Center)

China is using fake social media accounts and AI to probe societal divisions and sow discord in North America, according to a new report by the Microsoft Threat Analysis Center (MTAC). The report, titled "Same targets, new playbooks: East Asia threat actors employ unique methods," reveals how China uses AI-generated memes to stoke controversies. For example, they accuse the United States of employing a military-grade "weather weapon" to intentionally initiate the Maui wildfires and amplifying outrage over Japan's disposal of nuclear wastewater.

If also reports on North Korea's cryptocurrency heists that have pilfered hundreds of millions in cryptocurrency to fund its weapons programs and software attacks to disrupt supply chains.

A pro-Beijing group called Storm-1376 (also known as "Spamouflage" or "Dragonbridge") is featured prominently in the report:

  • Election Day Misinformation: "On Taiwan's election day, Storm-1376 posted suspected AI-generated audio clips of Foxconn owner Terry Gou… The audio recordings portrayed Gou's voice endorsing another candidate in the presidential race… Gou's voice in the recordings is likely AI-generated as Gou made no such statement."
  • Use of AI-Generated Anchors: "AI-generated news anchors… appeared in a variety of campaigns featuring Taiwanese officials… Storm-1376 has made use of such AI-generated news anchors since at least February 2023."
  • Meme Propagation: "Storm-1376 promoted a series of AI-generated memes of Taiwan's then-Democratic Progressive Party (DPP) presidential candidate William Lai in December… noting 'X days' to take the DPP out of power."
  • Conspiratorial Narratives: "Storm-1376—an actor whose influence operations span over 175 websites and 58 languages—has continued to frequently mount reactive messaging campaigns… particularly those that portray the United States in an unfavorable light or further the CCP's interest in the APAC region."
  • Claims of U.S. Government Involvement in Natural Disasters: "In August 2023… Storm-1376 seized upon the chance to spread conspiratorial narratives… These posts alleged the US government had deliberately set the fires [in Maui, Hawaii] to test a military-grade 'weather weapon.'"
  • Amplifying Outrage Over Environmental Issues: "Storm-1376 launched a large-scale… messaging campaign criticizing the Japanese government after Japan began releasing treated radioactive wastewater… Some content even accused the United States of purposefully poisoning other countries to maintain 'water hegemony.'"
  • Targeting South Korea with Localized Content: "Related to the Fukushima wastewater dumping, Storm-1376 made a concerted effort to target South Korea with localized content… including hundreds of posts in Korean across multiple platforms."

North Korea's activities appear to be geared toward stealing stuff:

  • Cryptocurrency Heists: "The United Nations estimates that North Korean cyber actors have stolen over $3 billion in cryptocurrency since 2017… These stolen funds reportedly finance over half of the country's nuclear and missile program."
  • Focused Cyber Threat Actors: "Three threat actors tracked by Microsoft—Jade Sleet, Sapphire Sleet, and Citrine Sleet—focused the most on cryptocurrency targets since June 2023… Jade Sleet conducted large cryptocurrency heists while Sapphire Sleet conducted smaller yet more frequent cryptocurrency theft operations."
  • Software Supply Chain Attacks: "North Korean threat actors also conducted software supply chain attacks on IT firms resulting in access to downstream customers… Diamond Sleet used GitHub repos and weaponized npm packages in a social engineering spear-phishing campaign."
  • Targeting Specific Sectors and Countries: "North Korean cyber actors loot a record-setting amount of cryptocurrency to generate revenue for state… North Korean cyber actors targeted the United States, South Korea, and their allies… exemplified North Korea's geopolitical objective of countering the trilateral alliance among the United States, South Korea, and Japan."
  • Utilizing Legitimate Software Backdoors: "North Korean threat actors also utilized backdoors to legitimate software, capitalizing on vulnerabilities in existing software… Diamond Sleet frequently used weaponized VNC malware to compromise victims."

Here's the executive summary.

See also: Why is Twitter's takedown of accounts spreading disinformation from China such a big deal?