Cybersecurity firm Mandiant said Wednesday that a pro-China cyber group waged an aggressive influence campaign online that discouraged Americans from voting in the midterm elections and promoted clashes with the U.S government.
Mandiant said it previously saw the “DRAGONBRIDGE” threat group trying to mobilize protesters in the U.S. and has now witnessed the group sowing division, plagiarizing and altering news articles, and adopting false personas on social media to spread disinformation.
“Most notably, in September 2022, DRAGONBRIDGE accounts posted an English-language video across multiple social media platforms containing content attempting to discourage Americans from voting in the upcoming U.S. midterm elections,” Mandiant said in a newreport. “The video questioned the efficacy of voting and of U.S. government institutions more broadly.”
Mandiant said the video argued the solution was not to vote but to “root out this ineffective and incapacitated system” over an image of the Jan. 6, 2021, riot at the U.S. Capitol.
“The campaign also pointed to frequent mentions of ‘civil war’ on social media and incidents of politically motivated violence, including confrontations between individuals supporting opposing parties and acts against the FBI, as evidence of the deterioration of the political process and its impending demise,” the report said.
Alongside lambasting American democracy, the group also sought to manipulate news reports and cyber research to make it appear as though Chinese hackers were actually doing America’s bidding.
The group claimed the APT41 hacking group was developed by the U.S. government in posts on Twitter, according to Mandiant. The FBI has identified APT41 as Chinese hackers that also use the name Barium.
Mandiant has described APT41 as a group that combines state-sponsored cyberespionage with financially motivated cybercrime targeting a variety of sectors such as health care and media.
The DRAGONBRIDGE effort plagiarized a Radio Free Asia news article and altered it to describe the cyberattackers as a “U.S. hacking group,” according to Mandiant.
“Accounts plagiarized, altered, and otherwise mischaracterized news reporting and research from Mandiant and other cybersecurity organizations to support their allegations,” Mandiant‘s report said. “Such narratives appear to be a continuation of themes alleging malicious U.S. cyber activity that we have seen DRAGONBRIDGE promote since at least April 2022.”
The DRAGONBRIDGE effort also used accounts impersonating Intrusion Truth, a group known for exposing Chinese hackers online.
Mandiant vice president of intelligence analysis John Hultquist said in a statement that the DRAGONBRIDGE effort did not appear fully successful but he was troubled by their aggressive growth.
The coming midterm elections are not the first time China has sought to exert influence. The National Counterintelligence and Security Center issued a statement in August 2020 before the last presidential election saying China sought to “pressure political figures” that it determined were opposed to its interests and wanted to counter criticism of China.
Ahead of the 2022 midterms, the Biden administration has worked to squelch concerns that cyberattackers can successfully disrupt election infrastructure. The FBI and Cybersecurity and Infrastructure Security Agency published an assessment earlier this month that said cyberattacks are “unlikely to disrupt or prevent voting.”
“As of the date of this report, the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies said earlier this month.
FBI and CISA did not immediately provide comment for this story.