A pro-Chinese government online influence operation is targeting Americans in an effort to exploit divisions over the Covid-19 pandemic and “physically mobilize protestors in the US in response,” according to a new report from cybersecurity firm Mandiant and experts at Google.
The operation, which initially attempted to discredit pro-democracy protests in Hong Kong in 2019, has expanded into a “global campaign that’s operating in seven languages, on at least 30 social media platforms and across 40+ website & forums,” experts at Mandiant and Google say, noting parallels to the Russian disinformation campaign around the 2016 presidential election.
US officials believe the operation is linked to the Chinese government and have been monitoring its evolution, according to one source familiar with the situation. During the 2020 election, US officials were watching to see if the operation might be used to spread disinformation but ultimately assessed that the Chinese government avoided doing so because it did not want to provoke a response, the source added.
Months later, experts have observed an “explosion of activity” across the world and the move to make physical protests happen in the US “demonstrates they are a very serious threat,” Mandiant Threat Intelligence Vice President John Hulquist told CNN.
“This direct call for physical mobilization is a significant development compared to prior activity, potentially indicative of an emerging intent to motivate real-world activity outside of China’s territories,” the report says. “While this attempt did not appear to achieve any success, we believe it is critical that observers continue to monitor for such attempts in case greater degrees of organic engagement are later realized by the network.”
In April for example, experts saw thousands of fake accounts calling on Asian Americans to protest racial injustice in the US and “disinformation about the virus’ origins.” While experts found no evidence these posts were successful in mobilizing protesters, the report says “it does provide early warning that the actors behind the activity may be starting to explore, in however limited a fashion, more direct means of influencing the domestic affairs of the US.”
While there has been limited engagement with these pro-Chinese accounts, the operation’s massive scope shows the actors responsible have “significantly expanded their online footprint and appear to be attempting to establish a presence on as many platforms as possible to reach a variety of global audiences,” according to Mandiant’s experts.
“Over the past two years, we have seen this threat actor evolve, from the types of content they publish to the tactics they use to amplify it. However the most significant features of this network remain its scale and persistence, in spite of low engagement levels. That is why we’ve taken an aggressive approach to identifying and removing disinformation from this network,” Shane Huntley, Director of Google’s Threat Analysis Group, said.
“We anticipate they will continue to experiment to drive higher engagement and encourage others in the community to continue tracking this actor, shedding light on their operations and taking action against them,” he added.
Cyber espionage from China against the United States has spiked since the Covid-19 outbreak began and Beijing has consistently sought to shape the global narrative through overt and covert means.
For months, Chinese officials have overtly spread false and misleading information about the virus and its origins.
But the US and several of its European allies have also been more cautious in attributing disinformation and other malicious cyber activity to China than it has other state actors, namely Russia and Iran in recent years.
When pressed on the issue In May 2020, European Commission President Ursula von der Leyen denied allegations that the EU watered down a report on coronavirus disinformation after being pressured from China.
While experts at Mandiant and Google say they have not seen these specific pro-Chinese accounts wade into election specific content to date, they did warn that the actors responsible could be gearing up for a more expansive disinformation push that could very well be conducted in a similar way to Moscow’s campaign to meddle in the 2016 US election. with similar intent to what US intelligence agencies said was deployed by Moscow during the 2016 race.
Beijing isn’t the only US adversary linked with sweeping online efforts to undermine confidence in democratic institutions. German officials on Monday blamed Russia’s GRU military intelligence agency for a hacking campaign targeting politicians ahead of Germany’s general election in September. The same hacking group has also gone after US allies such as Poland with false narratives about NATO, according to researchers.
CNN’s Sean Lyngaas contributed reporting.