In the final part of our Information Operation White Paper, we demonstrate China's Information Operations (InfoOps) targeting the global audience. The first part of the report gives a brief overview of its overt operations, which are carried out by state media, embassies, and diplomats. We then look into the covert operations, which can be observed in pro-China fan pages, content farms, and spam botnets. Last but not least, we provide a case study of "Operation Juiker" on Taiwan's largest forum, PTT, which suggests the possibility of APT (Advanced Persistent Threat) actors entering the threat landscape.
Key Takeaways
1. China has escalated the level of overt InfoOps via state media and diplomats.
Chinese state media, diplomats, and embassies are the main actors of Chinese overt InfoOps. They shoulder the task of polishing the image of the regime and propagating the narrative of the Chinese Communist Party (CCP). It is noteworthy that their official accounts have obtained an unexpected number of followers in recent years. For instance, four Chinese state media outlets are included in the top 20 most-followed pages on Facebook. Their main audience, apart from Chinese citizens, is the overseas Chinese diaspora, many of whom have the right to vote in countries such as the U.S., Canada, and Australia and thus have the ability to influence a country's politics.
2. Covert InfoOps remain active on Western social media platforms.
2020 is a year that has set many records. This year, takedowns of covert Chinese social media accounts by Facebook, Twitter, and Google have been more frequent than ever. However, even with such efforts, we observed new covert actors emerging across the platforms, while banned actors keep coming back to the scene by registering new domains and new accounts. We spotted a huge number of Facebook pages, with admins located in China, dedicated to disseminating Chinese propaganda content originating from the Chinese social media platform Weibo. In addition, there are sophisticated actors that create websites and subtle content to help the Chinese government shape the narrative around the Hong Kong protest. We also detected numerous networks of pro-China political accounts that demonstrated strong signs of automated behavior.
3. APT actors might have entered the InfoOps threat landscape.
The situation has become more alarming, as we discovered that Advanced Persistent Threat (APT) actors might have entered the InfoOps threat landscape. APT actors, typically state-sponsored groups, usually conduct prolonged and targeted cyberattacks to mine highly sensitive data. However, in mid-2020, we identified an InfoOp that can be linked to a notorious Chinese APT group which the TeamT5 intelligence team has tracked for years. We discovered that the threat actors had disseminated disinformation about "Juiker," a messaging app developed by Taiwan's research institute and widely used by government units, on Taiwan's largest forum, PTT. The operation, which we dub "Operation Juiker," aimed to discredit Taiwan's intelligence agency and government-backed research institute by spreading disinformation that the messaging app had been hacked.
4. It is more crucial than ever to adopt threat intelligence solutions to combat the issue.
The abovementioned Operation Juiker clearly demonstrates the possibility of an "APT + InfoOp" attack model, which involves targeted social media campaigns disseminating disinformation based on highly confidential data. Such a situation is very tricky, and it could pose a great threat to democratic countries. In this case, threat intelligence can help provide instant analysis of actor methodologies, suspicious indicators, and potential risks. We suggest that it is crucial for government units, critical infrastructure operators, and major business vendors to apply threat intelligence to combat this issue.
If you are interested in this white paper, please fill out the form below and get the full-text PDF.
And don't miss our blog updates! Follow us on Twitter.