Cybersecurity firm Mandiant said Wednesday that a pro-China cyber group waged an aggressive influence campaign online that discouraged Americans from voting in the midterm elections and promoted clashes with the U.S. government.
Mandiant said it previously saw the “DRAGONBRIDGE” threat group trying to mobilize protesters in the U.S. and has now witnessed the group sowing division, plagiarizing and altering news articles, and adopting false personas on social media to spread disinformation.
“Most notably, in September 2022, DRAGONBRIDGE accounts posted an English-language video across multiple social media platforms containing content attempting to discourage Americans from voting in the upcoming U.S. midterm elections,” Mandiant said in a new report. “The video questioned the efficacy of voting and of U.S. government institutions more broadly.”
Mandiant said the video argued the solution was not to vote but to “root out this ineffective and incapacitated system” over an image of the Jan. 6 riot at the U.S. Capitol.
“The campaign also pointed to frequent mentions of ‘civil war’ on social media and incidents of politically motivated violence, including confrontations between individuals supporting opposing parties and acts against the FBI, as evidence of the deterioration of the political process and its impending demise,” the report said.
Alongside lambasting American democracy, the group also sought to manipulate news reports and cyber research to make it appear as though Chinese hackers were actually doing America’s bidding.
The group claimed the APT41 hacking group was developed by the U.S. government in posts on Twitter, according to Mandiant. The FBI has identified APT41 as Chinese hackers that also use the name Barium.
Mandiant has described APT41 as a group that combines state-sponsored cyberespionage with financially motivated cybercrime targeting a range of sectors from healthcare to media.
The DRAGONBRIDGE effort plagiarized a Radio Free Asia news article and altered it to describe the cyberattackers as a “U.S. hacking group,” according to Mandiant.
“Accounts plagiarized, altered, and otherwise mischaracterized news reporting and research from Mandiant and other cybersecurity organizations to support their allegations,” Mandiant’s report said. “Such narratives appear to be a continuation of themes alleging malicious U.S. cyber activity that we have seen DRAGONBRIDGE promote since at least April 2022.”
The DRAGONBRIDGE effort also used accounts impersonating Intrusion Truth, a group known for exposing Chinese hackers online.
Mandiant vice president of intelligence analysis John Hultquist said in a statement that the DRAGONBRIDGE effort did not appear fully successful but he was troubled by their aggressive growth.