china implicated in global digital spin campaign
Damien Black , Senior Journalist Updated on: 04 August 2022
china implicated in global digital spin campaign

Image by Shutterstock

A Chinese public relations company has been linked by digital intelligence firm Mandiant to what it says could be a covert disinformation campaign being conducted on dozens of its news websites.

Although distinct from the Dragonbridge information operations (IO) campaign previously observed by Mandiant, HaiEnergy appears to be following similar techniques, tactics, and procedures (TTPs), passing off what the cyber-research firm calls “inauthentic websites” as legitimate news outlets in more than 10 languages including English, Chinese, French, and Arabic.

As with Dragonbridge, HaiEnergy appears to be leveraging controversial Western figures in its attempts to promote favorable views of China and even fabricating evidence to support its claims.

Though Mandiant has linked Shanghai Haixun Technology to HaiEnergy, it could not determine whether the global PR firm is actually behind the campaign, which is targeting audiences across North America, the Middle East, Europe, and Asia.

“While we do not currently have sufficient evidence to determine the extent to which Haixun is involved in, or even aware of, HaiEnergy, our analysis indicates that the campaign has at least leveraged services and infrastructure belonging to Haixun to host and distribute content,” said Mandiant.

Outspoken advocates targeted

One of HaiEnergy’s chief targets highlighted by Mandiant is Adrian Zenz, a German anthropologist and Christian fundamentalist who has accused China of conducting cultural genocide against the Uyghur Muslim people of Xinjiang province.

HaiEnergy appears to be willing to go to some lengths to turn Western public opinion against the academic, using what Mandiant believes is a false Twitter persona named “Jonas Drosten” to post screenshots of seemingly fake letters suggesting Zenz is on the payroll of the US government.

Closer scrutiny by Cybernews of one of the letters reveals grammatical errors and bizarre syntax that suggest it may have been forged.

“The tweet and one of the letters argued that Zenz received financial support from US Senator Marco Rubio and former White House Chief Strategist Steve Bannon,” said Mandiant. “The other two letters implied that the financial support came from grants awarded to Zenz from the Victims of Communism Memorial Foundation in 2020 and 2021.”

The claims in themselves do not appear so far-fetched, but closer scrutiny by Cybernews of one of the letters reveals grammatical errors and bizarre syntax that suggest it may indeed have been forged.

The letter, allegedly from Rubio to Zenz, begins: “it has been a great pleasure meeting you last week in Washington,” omitting the capital that should mark the beginning of a sentence. Towards the end of the letter, Rubio allegedly writes: “I’m a great sponsor to you, along with my good friend Bannon,” referring to the controversial former White House adviser by his surname despite the close relationship between the two implied by the clause. The letter signs off: “Please do not esithate [sic] to contact me for any support.”

The Jonas Drosten persona is cited by Swiss Zeitung – identified by Mandiant as one of 72 sites hosted by Haixun – as a “new Twitter user” who has “revealed” that Zenz received two payments, of “$275,000” in 2019 and “again 300,000 [sic]” in 2020. Swiss Zeitung refers to Drosten as a “former colleague” of “data abuser” Zenz but does not appear to substantiate this claim.

china implicated in global digital spin campaign

Copies of three letters Mandiant believes are forged (top) and a story on Haixun-owned news site Swiss Zeitung that claims academic and China critic Adrian Zenz was paid by the US government.

While Mandiant said the HaiEnergy campaign had enjoyed little success and essentially constituted an “echo chamber” of opinion, it appears from its findings that agencies loyal to Chinese interests are becoming increasingly adept at using divisive Western figures to provoke dissent and at least try to steer global public opinion in its favor.

Zenz’s research is credited with exposing China’s program of mandatory detentions of Muslims on its soil, which has allegedly brought with it forced abortions and sterilizations to lower the ethnic minority population’s numbers. However, his motives for doing so may be questionable in the eyes of some – the lapsed Catholic turned born-again Christian told the Wall Street Journal in 2019 that he felt “led by God” to expose the atrocities.

And Bannon has been no stranger to controversy himself, having chaired the far-right news syndicate Breitbart and recently praised Russian leader Vladimir Putin for his conservative stance on LGBT rights.

Clever but ineffective

China’s willingness to use the West’s fractious political landscape as a means to present its own regime in a better light, therefore, demonstrates some conceptual adroitness – but as far as execution goes, Mandiant says it has yet to achieve any notable impact.

“We note that despite the capabilities and global reach advertised by Haixun, there is at least some evidence to suggest HaiEnergy failed to generate substantial engagement,” it said. “Despite large numbers of followers, the political posts promoted by inauthentic accounts we attribute to this campaign failed to gain much traction. This lack of amplification from external sources, not unlike what we typically observed with Dragonbridge, limited the campaigns’ ability to break out, essentially forming an echo chamber.”

Mandiant argues that the IO infrastructure itself is of more interest than its efficacy thus far because it suggests that the outsourcing of this service to third parties, in what it calls “IO for hire,” could become a trend.

“Despite large numbers of followers, the political posts promoted by inauthentic accounts we attribute to this campaign failed to gain much traction.”

Mandiant, digital intelligence analyst

Citing testimony by Facebook at its Congress hearing last year as evidence to support this claim, Mandiant said: “Meta testified about an increase in the use of such firms, which have been used to lower the barrier to entry for some threat actors and to obfuscate the identities of more sophisticated ones.”

Haixun is a PR firm that offers services in around 40 languages to more than 100 countries – about half the global total of state territories. Foremost among these are what it dubs “positive energy packages” designed to align with Xi Jinping’s era-defining emphasis on “messages positively portraying the Chinese Communist Party, the Chinese Government, and its policies.”

Mandiant said: “Among their most notable offerings are the Europe and US Positive Energy package, which includes content creation ostensibly geared towards English-speaking audiences, and the Positive Energy Project Edition, which focuses on the production of tailor-made videos, promotion of custom content through ‘high-quality media resources,’ and campaign impact monitoring.”

Whatever the ramifications of such campaigns and the extent of Haixun’s relationship with HaiEnergy, one thing seems clear enough: by hook or by crook, China is making some effort to catch up to the West in terms of its digital media savvy.

TECH NEWS RELATED

Shanghai police leak reveals China to be as vulnerable as any nation

Vilius Petkauskas , Journalist Updated on: 04 August 2022 Image by Edgar Su/Reuters. The record-breaking leak, if confirmed, would show that Chinese organizations deal with the same security issues as the West does. Reports show that most ransomware gangs focus on organizations in the US, UK, EU, Australia, or Canada, ...

View more: Shanghai police leak reveals China to be as vulnerable as any nation

Two terabytes of data released as hackers strive to expose companies' environmental damage

Anna Zhadan , Editor Updated on: 04 August 2022 The hacking collective Guacamaya hacked and released over two terabytes of data from five mining companies and two public agencies in Central and South America to expose the negative environmental developments in the area. A collection of files and emails was ...

View more: Two terabytes of data released as hackers strive to expose companies' environmental damage

Robot to showcase its surgery skills on ISS

Justinas Vainilavičius , Senior Journalist Updated on: 04 August 2022 Craig Chandler/University Communication A surgery-performing robot developed by the University of Nebraska-Lincoln will blast into space to perform tests on the International Space Station in 2024 as NASA continues to ramp up its efforts in preparation for deep space travel. ...

View more: Robot to showcase its surgery skills on ISS

Crypto spring will return: don’t panic sell

Neil C. Hughes Updated on: 04 August 2022 Many panic sellers have lost a lot of money, and everyone else will be looking at a deflated portfolio, wondering how long crypto winter will last. The global market cap has dived from $3 trillion to its current valuation of around ...

View more: Crypto spring will return: don’t panic sell

How long will crypto winter last?

Neil C. Hughes Updated on: 04 August 2022 Many panic sellers have lost a lot of money, and everyone else will be looking at a deflated portfolio, wondering how long crypto winter will last. The global market cap has dived from $3 trillion to its current valuation of around ...

View more: How long will crypto winter last?

Criminals “solved” bot defense leading to an uptick in stolen accounts

Jurgita Lapienytė , Deputy Chief Editor Updated on: 04 August 2022 Image by Shutterstock There’s been an uptick in stolen accounts as criminals increasingly rely on a tool that bypasses most bot management systems. Threat actors found a way to “solve” a bot detection system’s defense and are now selling ...

View more: Criminals “solved” bot defense leading to an uptick in stolen accounts

Cisco patches critical remote code execution bugs in VPN routers

Vilius Petkauskas Updated on: 04 August 2022 Image by Shutterstock. Cisco released patches to mitigate vulnerabilities, some of which would allow remote code execution (RCE) attacks or cause a denial of service (DoS) in a device. US tech giant Cisco released patches for critical vulnerabilities affecting its Small Business ...

View more: Cisco patches critical remote code execution bugs in VPN routers

Ditch hot wallets, experts tell crypto holders after Solana hack

Damien Black Updated on: 04 August 2022 Image by Shutterstock Crypto experts have reacted with dismay to the recent hack of Solana that robbed users of some $8 million, with many calling for investors to swap convenience for security and trade the more easily hackable hot wallets for cold ...

View more: Ditch hot wallets, experts tell crypto holders after Solana hack

Crypto scammers posing as Elon Musk briefly hack Imran Khan’s Instagram account

US and China have most hijacked machines, says report

Nightmare cyberattack is comparable to a natural disaster – interview

UK to invest £6m in quantum computing

What your company needs to understand about digital privacy (but probably doesn't)

New cybersecurity tool simplifies site evaluations

Reddit awards hero hacker $10k bounty

Nomad knew of a flaw resulting in a $190m heist two months beforehand - report

Samsung launches self-repair program

Taiwan's presidential website hit by a cyberattack shortly before Pelosi's visit

The internet's autoimmune problem: how ethical hackers face prosecution to this day

League of Legends players targeted with file-locking malware

OTHER TECH NEWS

Top Car News Car News