Microsoft report: Russia, China ramp up AI-powered cyberattacks on US

Russia, China, Iran, and North Korea have dramatically escalated their use of artificial intelligence to conduct cyberattacks and spread disinformation targeting the United States, according to Microsoft’s latest digital threats report. The tech giant identified more than 200 instances in July 2025 of foreign adversaries using AI to create or amplify fake content online—a figure that has doubled since 2024 and increased tenfold since 2023, marking a pivotal shift in how America’s rivals are weaponizing cutting-edge technology against U.S. interests.

What you should know: AI has fundamentally transformed how state-backed hackers and influence operations target the United States, enabling unprecedented sophistication and scale.

• State-backed hackers are using AI to generate persuasive fake news, clone voices and faces of public officials, and create deepfake videos to spread disinformation and sow discord.
• AI tools are helping attackers craft flawless phishing emails and automate data breaches targeting sensitive government and corporate networks.
• “America’s adversaries — and criminal gangs working with them — are exploiting AI’s potential to make their cyber operations faster, smarter, and harder to detect,” the Microsoft report stated.

The big picture: The United States remains the primary target of global cyberattacks, with American government agencies, private corporations, hospitals, and universities being hit more frequently than ever before.

• Israel and Ukraine rank as the second and third most targeted countries, respectively, reflecting how digital conflicts have intensified amid ongoing wars in Gaza and Eastern Europe.
• “Cyberattacks have become an extension of geopolitical competition,” Microsoft noted, adding that online operations now often accompany military or diplomatic confrontations.

North Korea’s sophisticated deception: One of the report’s most striking revelations involves North Korean hackers using AI-generated personas to infiltrate U.S. companies through fake job applications.

• North Korean operatives are using AI tools to create fake American identities, complete with realistic résumés, LinkedIn profiles, and video interviews to apply for remote tech jobs in the U.S.
• Once hired, these operatives gain access to sensitive data and intellectual property, which they steal and send back to Pyongyang to bypass sanctions and fund nuclear and missile programs.
• “Cyber is a cat-and-mouse game,” said Nicole Jiang, CEO of Fable, a San Francisco cybersecurity firm. “Access, data, information, money — that’s what they’re after. AI just makes it easier to deceive.”

What they’re saying: Microsoft executives warn that organizations must urgently modernize their cybersecurity defenses to match the AI-enhanced threat landscape.

• “We see this as a pivotal moment where innovation is going so fast,” said Amy Hogan-Burney, Microsoft’s vice president for customer security and trust. “This is the year when you absolutely must invest in your cybersecurity basics.”
• “Many organizations are still relying on outdated defenses,” she warned. “Meanwhile, attackers are using AI to innovate every day.”

Foreign governments deny involvement: The governments of Russia, China, and Iran have issued statements denying Microsoft’s allegations.

• Beijing’s foreign ministry accused the United States of “spreading lies to smear China,” claiming that Washington itself is “the world’s largest cyber aggressor.”
• Iran’s mission to the United Nations said Tehran “does not initiate any form of offensive cyber operation against any state,” adding that “as a victim of cyber operations, [Iran] will respond to any such threat in a manner proportionate to its nature and scale.”

Why this matters: AI has ushered in a new era of global cyber warfare, with fake content becoming increasingly indistinguishable from real material and posing serious challenges for detection.

• “AI allows bad actors to operate at a scale and speed we’ve never seen before,” Microsoft warned. “What once took days or weeks of manual work can now be done in seconds.”
• “Technology itself is neutral,” Hogan-Burney concluded. “But how it’s used — that’s where the danger lies. The next front line of conflict is not on land, sea, or air. It’s online.”