Search This Blog

Powered by Blogger.

Blog Archive

Labels

Massive China-Linked Disinformation Campaign Taps PR Firm for Help

Another Chinese information operation that is attempting to improve the country's image overseas has been discovered.

 

Security experts have discovered another Chinese information operation that is attempting to improve the country's image overseas by utilising a large number of fake news sites and social media assets. 

The content, which is available in 11 languages, tries to win hearts and minds over to Beijing's way of thinking by undermining criticism of the Xinjiang genocide and the deterioration of democracy in Hong Kong. 

According to Mandiant, among the Communist Party opponents targeted in the campaign are Chinese billionaire Guo Wengui and German anthropologist Adrian Zenz, who is known for his study on Uyghur oppression. The campaign's most striking feature is that it appears to leverage infrastructure owned by local public relations business Shanghai Haixun Technology, a company that promotes "positive thinking." 

According to Mandiant in a blog post, the word "positive energy" is particularly loaded in China since it is frequently used by the Xi Jinping government to refer to communications that reflect Beijing positively. As a result, Mandiant dubbed the information operations effort "HaiEnergy." 

“While we do not currently have sufficient evidence to determine the extent to which Haixun is involved in, or even aware of HaiEnergy, our analysis indicates that the campaign has at least leveraged services and infrastructure belonging to Haixun to host and distribute content,” the firm explained. 

“In total, we identified 72 websites (59 domains and 14 subdomains) hosted by Haixun, which were used to target audiences in North America, Europe, the Middle East and Asia.” 

The campaign has solely relied on Haixun's internet infrastructure to post information and host websites. In reality, those sites share significant commonalities, indicating a coordinated strategy, including: 
  • Nearly all the English language sites are built with a Chinese-language HTML template
  • Several of the sites that include a domain and subdomain are disguised to appear as different, independent sites
  • Many of the sites link directly to other sites in the network
  • The same articles are often published across multiple sites
If Haixun is actively involved in this effort, it would be a continuation of a pattern in which threat actors utilise "info ops for hire" organisations to perform their dirty work, according to Mandiant. The one advantage is that it does not appear to have paid off on this occasion.

“We note that despite the capabilities and global reach advertised by Haixun, there is at least some evidence to suggest HaiEnergy failed to generate substantial engagement,” the report concluded.

“Most notably, despite a significantly large number of followers, the political posts promoted by inauthentic accounts we attribute to this campaign failed to gain much traction outside of the campaign itself.”

Share it:

China

Cyber Crime

Data

Information

Infrastructure

Privacy

Security