Cyber sleuths blame China-based digital propaganda for fanning Asian American protests
Cybersecurity researchers discovered a large-scale, pro-China digital influence campaign that stoked Asian American anger over reports of racial injustice and shifted blame to the U.S. for the origins of COVID-19.
Cybersecurity firm FireEye’s Mandiant division uncovered the operation, which used at least 30 social media platforms and dozens more websites in several languages, including Chinese, English, Russian, German, Spanish, Korean and Japanese.
The researchers said the use of various languages and platforms indicated that the pro-China offensive had ramped up to reach a wider audience around the world.
“This suggests that the actors behind the campaign have significantly expanded their online footprint and appear to be attempting to establish a presence on as many platforms as possible to reach a variety of global audiences,” FireEye Mandiant threat analysts Ryan Serabian and Lee Foster wrote when disclosing the scheme. “Second, the attempt to physically mobilize protesters in the U.S. provides early warning that the actors responsible may be starting to explore more direct means of influence and may be indicative of an emerging intent to motivate real-world activity outside of China’s territories.”
The researchers did not identify the Chinese Communist Party as the culprit but linked the digital propaganda campaign to China-based accounts that Twitter took down in 2019.
FireEye observed thousands of posts in April that called for Asian Americans to protest perceived racial injustices. Some posts urged Asian Americans to participate in an April 24 protest in New York City to push back against Trump White House strategist Steve Bannon, exiled Chinese billionaire Guo Wengui and Li-Meng Yan, a Chinese virologist who says COVID-19 was made in a Chinese government lab.
Ms. Yan gained attention last year by telling Fox News’ Tucker Carlson that the virus was created by China and intentionally spread to cause damage.
The pro-China influence campaign also sought to shift blame for COVID-19’s origin from China to the U.S., specifically to the national bio-defense lab at Fort Detrick, Maryland. The disinformation campaign used Russian-language posts to claim that Fort Detrick was the source of the virus. Posts in Spanish also identified Fort Detrick and linked to articles claiming that the virus appeared in the U.S. and Europe before China, according to FireEye.
Fort Detrick has long been a target of foreign adversaries’ propaganda. During the 1980s, the Soviet Union spread rumors that HIV/AIDS was genetically engineered or created during biological weapons research at the U.S. Army’s Medical Research Institute for Infectious Diseases at Fort Detrick, according to the Wilson Center.
The Soviets’ Fort Detrick-HIV/AIDS propaganda campaign ran from 1983 until 1989, according to the Journal of Cold War Studies. The Soviet Union viewed its initial efforts to blame the U.S. as a success thanks to “numerous bourgeois newspapers,” particularly among people in African countries who viewed other theories linking the outbreak of HIV/AIDS to African monkeys as racist, according to the journal.
China’s efforts to deflect blame for the COVID-19 pandemic also were initially successful.
Discussions about COVID-19 originating in China were met last year with condemnation by fact-checkers working for news publishers and social media companies. Until this May, Facebook removed content asserting that COVID-19 was man-made or manufactured.
PolitiFact, a fact-checking website, scrapped a September 2020 article about Ms. Yan voicing a “debunked” theory that COVID-19 was created in a lab. PolitiFact removed the fact-check in May.
Although the digital disinformation targeting Asian Americans had limited impact, the FireEye Mandiant researchers viewed the tactics and calls for real-world action as an escalation of digital influence warfare.
Google Threat Analysis Group’s Shane Huntley said on Twitter that Google had identified and taken down content from the same network that FireEye Mandiant observed, including content from nearly 50,000 YouTube channels.
“Despite the lack of engagement, the volume and persistence shown by this network is noteworthy,” Mr. Huntley said on Twitter. “We anticipate they will continue to experiment to drive higher engagement and encourage others in the community to continue tracking this actor and taking action against them.”
Yoel Roth, head of site integrity for Twitter, said disinformation campaigns are new on social media but have precedent in other cybersecurity challenges.
“These are well-established enterprises,” Mr. Roth tweeted in reference to the people behind the digital influence campaign. “It’s why fighting disinformation often looks a lot like fighting spam; the content is different but the tactics remain fundamentally the same.”