Chinese Disinfo Campaign Targeting US Midterm Elections
'Dragonbridge' Spreads Anti-Voting Message, Impersonates Cybersecurity Researchers
A Chinese threat actor is targeting the U.S. midterm elections by using fake social media accounts to dissuade Americans from voting.
Researchers from Mandiant say an influence campaign promoting the political interests of Beijing that's been active since at least 2019 has lately taken to posting social media content casting doubt on voting's efficacy and invoking the prospect of "civil war."
Mandiant dubs the campaign Dragonbridge. Partisan dominance over the U.S. Congress for the next two years (it's currently controlled by Democrats with a very slim majority) hinges on the outcome of nationwide voting that concludes on Nov. 8. Foreign interference from authoritarian governments via social media and other means has been a danger facing elections across the United States and other democratic countries since 2016.
Some critics of social media companies contend online platforms are poorly incentivized to stop disinformation due to Section 230 of the Communications Decency Act of 1996, a law shielding online platforms from liability for user-generated content. The Supreme Court earlier this month agreed to hear a case challenging the scope of the law.
Among the messages spread by Dragonbridge is a video asserting that "the solution to America's ills is not to vote for someone," but rather to "root out this ineffective and incapacitated system." The campaign also frequently references mentions of "civil war" on social media as evidence of the impending demise of the American political system. "Civil war" has been a theme particularly embraced by right-wing social media following the 2020 electoral defeat of President Donald Trump.
Dragonbridge has also taken to claiming that Chinese state-sponsored espionage group APT41 is actually a U.S. advanced persistent threat. APT41, also known as Barium, Winnti, Wicked Panda and Wicked Spider, has compromised at least six U.S. state government networks, in some cases via an app used to trace livestock diseases. Five of its hackers are under indictment by the Department of Justice (see: Feds: Chinese Hacking Group Undeterred by Indictment).
Its pursuit of an apparent "I'm rubber, you're glue" strategy included publishing altered Mandiant content to change the nationality of APT41 from Chinese to American. The campaign also very likely impersonated Intrusion Truth, a group known to unveil China-nexus cyber threat actors. Dragonbridge created Twitter accounts impersonating Intrusion Truth. Other cybersecurity researchers spotted the fake accounts attributing APT41 to the U.S. National Security Agency. The Intrusion Truth Twitter account responded by saying, "Imitation is the sincerest form of flattery. #APT41 can’t seem to stop themselves from emulating our work. We must be doing something right."