CCP’s Increasingly Sophisticated Cyber-enabled Influence Operation

As a case study, we reveal a previously unreported CCP cyber-enabled influence operation linked to the Spamouflage network, which Twitter and Meta attributed to the Chinese Government in 2019. This new iteration of the network is using inauthentic accounts on US-based and China-based social media platforms to spread unverified claims that the US is irresponsibly conducting cyber-espionage operations against China and other countries. Drawing on slip-ups like an open browser tab identifiable in an image accidentally tweeted by a Spamouflage-linked account, we believe the Chinese Government agencies conducting this influence operation named it ‘Operation Honey Badger.’

Those anti-US claims appear to be part of a broader CCP propaganda campaign to support the expansion of Chinese cybersecurity services abroad and counter similar accusations of Chinese cyber operations. There may also be a domestic propaganda purpose to garner public support for China’s new cybersecurity laws by highlighting the US as a major threat.

Accounts in the network often posed as Westerners outside of China, but our research geolocated some of the operators of the Spamouflage-linked accounts to Yancheng in Jiangsu Province. In addition, we show it’s likely that at least some operators behind the campaign are affiliated with the Yancheng Public Security Bureau or the Ministry of Public Security (MPS), or are ‘internet commentators’ hired by the Cyberspace Administration of China.

The Washington Post discovered other possible links to Chinese police officers after ASPI shared a list of Weibo accounts that were likely part of the network. In one case, The Washington Post discovered an account that appears to have a self-taken photo of a Chinese police officer as its profile image.

Chinese cybersecurity company Qi An Xin (奇安信), a partly state-owned enterprise, also appears at times to be supporting the influence operation. Our research shows the company is deeply connected with Chinese intelligence, military and security services and that it might provide digital infrastructure support to Chinese Government agencies that conduct clandestine operations online.

Finally, the report provides key recommendations to policymakers and social-media platforms to counter the CCP’s increasingly sophisticated, cyber-enabled influence operations. Democratic governments and social-media platforms must rapidly shift from reactive responses to proactive strategies. This will require a reprioritization of these issues and greater coordination and investment of resources.

For example, definitive public attribution like the unsealed US DOJ complaint can play a larger role in deterring malicious actors. The value of public attribution goes beyond deterrence too. It’s important that general publics are given basic information so that they’re informed about contemporary security challenges.

Social-media platforms should take advantage of the digital infrastructure, which they control, to more effectively deter cyber-enabled influence operations. To disrupt future influence operations, social-media platforms could remove access to engagement analytics for suspicious accounts breaching platform policies, making it difficult for identified malicious actors to measure the effectiveness of influence operations.

Government partners and allies should also strengthen intelligence diplomacy on this emerging security challenge and seek to share more intelligence with one another on such influence operations. Strong open-source intelligence skills and collection capabilities are a crucial part of investigating and attributing these operations, the low classification of which should make intelligence sharing easier.

For now, inauthentic accounts on social media—which hide their true origins and state affiliation—allow the CCP to continue pursuing its interests globally and provide plausibly deniable cover for its true strategic intentions. Those clandestine operations undermine the freedom of online users to form independent opinions and prevent general publics from judging and holding the CCP’s actions to account.

CCP influence operations have already had an immediate impact by silencing and deterring Asian women from reporting critically on China. Left unaddressed, the CCP’s increasing investment in influence operations online threatens to successfully influence the economic decision-making of democracies, destabilize social cohesion during times of crisis, sow distrust of leaders or institutions and processes, fracture alliances and partnerships, and further deter journalists, researchers and activists in democracies from expressing their opinions.

Albert Zhang is an analyst in the International Cyber Policy Centre at ASPI. This article is published courtesy of the Australian Strategic Policy Institute (ASPI).