SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Mandiant researchers uncover significant new disinformation campaign
Tue, 9th Aug 2022
FYI, this story is more than a year old

Researchers from Mandiant say they have uncovered a significant disinformation campaign from the Chinese Government in the wake of U.S. Speaker Nancy Pelosi's visit to Taiwan.

They say that after undertaking research, they have identified around 72 websites that are purporting to be reputable media outlets but are actually controlled by the Chinese Communist Party.

It is thought that the sites are being used to hype the danger associated with the trip and to smear Beijing's critics.

Mandiant says Beijing has used a combination of fake sites and social media to conduct what is, in effect, a campaign of information warfare in the wake of the speaker's visit. They have dubbed the campaign 'HaiEnergy'.

It was found that HaiEnergy primarily leverages a network of inauthentic websites to disseminate content, alongside a small set of seemingly inauthentic accounts that promote material and, in some cases, appear to author content on certain sites.

The research has also found Beijing has attempted to smear critics of its reported genocide against China's Uyghur population and even spread fake news about the U.S. Supreme Court overturning of Roe vs Wade.

Mandiant VP of intelligence analysis John Hultquist says tensions over Speaker Pelosi's visit have led to an increase in malicious cyber activity across the board.

"Two Chinese information operations we track have shifted their narratives in recent days to a focus on U.S. House Speaker Pelosi's expected visit and the supposed dangers of the situation," he says.

"We anticipate that Chinese actors are also carrying out significant cyber espionage against targets in Taiwan and the U.S. to provide intelligence on the crisis."

Researchers believe the fake news sites are linked to Shanghai Haixun Technology Co., Ltd, a Chinese public relations firm, which Mandiant refers to as Haixun in its report.

Hultquist says that while threat actors from China have previously responded to world events with cyber attacks, it has not often been of this scale or execution.

"Chinese actors have responded with cyber attacks to political crises like the Belgrade embassy bombing and the Hainan island incident in the past, but compared to their peers, they have not heavily leveraged this capability," he says.

"On rare occasion, Chinese state actors have been linked to DDoS capability, destructive attack, and possible probing of critical infrastructure. Nonetheless, we believe China is capable of significant cyber attacks inside Taiwan and abroad."

It was also interesting to note that despite a significantly large number of followers, the political posts made by fake accounts often failed to gain much traction outside of the campaign itself.