Microsoft report highlights Chinese social media campaign against U.S.

Sept. 7 (UPI) -- Microsoft accused China on Thursday of operating a disinformation campaign targeting political candidates by impersonating U.S. voters on numerous social media platforms.

In a threat analysis report, Microsoft said that the Chinese Communist Party has improved its sophistication in engaging targeted audiences and their spread is much wider than observed in the past.

"Since the beginning of 2023, Microsoft Threat Intelligence has identified three areas of particular focus for China-affiliated cyber threat actors: the South China Sea, the U.S. defense industrial base, and U.S. critical infrastructure," the report said.

Microsoft said that before the 2022 midterm elections, Microsoft and industry partners observed Chinese-affiliated social media accounts impersonating voters across the political spectrum and responded to comments from authentic users.

"In both behavior and content, these accounts display many well-documented Chinese IO tactics, techniques, and procedures," Microsoft said.

The Justice Department said Chinese "troll farms" have created thousands of fake online personas and pushed Chinese propaganda targeting pro-democracy activists. Some have started to use artificial intelligence to now create visual content.

"These images bear the hallmarks of diffusion-powered image generation and are more eye-catching than awkward visual content in previous campaigns," Microsoft said. "Users have more frequently reposted these visuals, despite common indicators of AI-generation -- for example, more than five fingers on a person's hand."

In a second report released Thursday, Microsoft published the findings of an internal investigation detailing how a suspected Chinese hacker pried into email accounts at government agencies in the United States and Europe for more than two years before the breach was discovered in June.

A Chinese-based cybercriminal who goes by the handle Storm-0558 first gained access to the Microsoft emails of high-level officials in April 2021. Investigators found that the hacker used a consumer key from a legitimate Microsoft account to forge security tokens that allowed backdoor access to Outlook.com.

The breach was found by technical staff at the State Department on June 16 after nine U.S. organizations and agencies and more than two dozen global entities were targeted through apparent cracks in Microsoft's cloud security system.