By finding a trail linking the Chinese security apparatus with efforts to malign the United States, the think tank has shown expanded scope and ambition of Chinese influence operations.
“The Chinese Communist Party’s covert influence operations on social media have become more frequent, sophisticated, and effective in targeting democracies, disrupting foreign policies and decision-making processes,” said Albert Zhang, lead author of the report, “Gaming public opinion: The CCP’s increasingly sophisticated cyber-enabled influence operations.”
“Networks of social media accounts that have previously been linked to the Chinese government often hide their state-affiliation and pose as Westerners,” he said. “In recent years they have expanded to target audiences outside China and support the CCP’s strategic interests.”
ASPI researchers found more than 4,000 posts on Twitter, Reddit, Facebook, China’s Sina Weibo and online blogs and forums last year posting identical content alleging the CIA and the National Security Agency were surveilling China and other countries. The posts coincided with statements by China’s foreign ministry criticizing U.S. cyber activities.
Some of the accounts found to be posting similar content on Chinese platforms showed links to local public security bureaus, law enforcement offices responsible for policing and public security.
Many of the accounts amplified analysis by Chinese cybersecurity firms and in some cases used those companies’ logos in posted graphics. They hashtags in English and Chinese such as #EspionageEmpire or #USthreatenscybersecurity.
Since 2019, Twitter and Meta have been taking down networks of “spamouflage” accounts that they had linked to the Chinese government. The armies of fake or hijacked accounts posted content echoing Beijing’s stance on issues like Hong Kong’s protest movement, allegations of rights abuses in Xinjiang or the origins of the coronavirus.
Using links, hashtags and images shared in previously released Twitter and Meta data sets, ASPI researchers found additional spamouflage accounts that were still active online. The bulk of their posts were published during the week between 8 a.m. and 6 p.m. Beijing time, with an apparent break for lunch between 12 p.m. and 2 p.m.
Zhang said this campaign represented a “new iteration of the network” that was focused on U.S. cyberespionage — and possibly designed to help Chinese companies with their international expansion plans.
“These claims seem to be part of a broader CCP propaganda campaign to support the expansion of Chinese cybersecurity services abroad and counter similar accusations of Chinese cyberespionage,” he said.
Researchers have long struggled to definitively attribute covert Chinese influence activities to the government. Such activity is believed to be carried out through a combination of state and party entities, security and private Chinese companies.
Even less is known about the role of China’s powerful Ministry of Public Security in the government’s broader campaign to “tell China’s story well,” an edict from Chinese leader Xi Jinping.
As China’s reputation suffered in the wake of the pandemic and was further damaged by its continued friendship with Russia throughout the Ukraine war and worsening ties with Western countries, pushing those messages has become even more crucial.
At the 20th Party Congress in October, Xi again called for strengthening China’s voice abroad so that it is “commensurate with our national strength and international status.”
Bidding documents and contracts previously reviewed by The Washington Post showed that police were among government entities purchasing systems to mine Western social media in 2021. Some of the budgeting included buying and maintaining foreign social media accounts on behalf of police departments.
One account on the Chinese microblog Weibo, identified as likely part of the current campaign, appeared to belong to a Chinese police officer in Jiangsu province. The profile photo of the account, whose only public activity was reposting content on U.S. cyberbullying, showed a man in a police uniform.
Based on its IP address, the user was in Jiangsu province, where several accounts highlighted in the ASPI report appeared to have links to local public security bureaus. (Since last year, Chinese social media platforms have been required to show users’ IP address locations as a way to prevent users abroad from pretending to be in China.)
Another account flagged as part of the operation used a police station as its profile image. The image was geolocated to the Gangbei Police Station of the Jianhu County Public Security Bureau in Yancheng city in Jiangsu province. Several accounts were shown to be posting from Yancheng. The accounts posted only content related to U.S. cyberespionage and the only other accounts they followed were the Yancheng Public Security Bureau.
ASPI researchers said public security bureaus may have been responding to a national campaign to respond to coordinated criticism by the United States, the European Union, NATO and others in 2021 that Chinese hackers linked to the Ministry of State Security were responsible for an attack on Microsoft’s email server software.
According to Mareike Ohlberg, a senior fellow at the German Marshall Fund who has analyzed bidding documents, public security bureaus were previously focused on influencing Chinese communities abroad.
“If you already have these public security bureaus with this infrastructure in place, why don’t you just add this and that to engage in public opinion struggle overseas,” she said.
The campaign also underlines the potential for Chinese influence operations to promote specific companies or industries. In 2021, China’s Ministry of Information unveiled a three-year plan to develop Chinese cybersecurity firms and grow the industry to be worth $38.6 billion by 2023.
Accounts linked to the campaign relied on a report on U.S. surveillance by Pangu Labs, affiliated with one of China’s largest cybersecurity companies, Qi An Xin. The logo of its former parent company, Qihoo 360, appeared on several posts.
Qi An Xin is partly state-owned and in 2021 was selected by the Beijing city government as one of 20 “invisible champions,” a title given to companies developing technology deemed important for national strategy. The company has a partnership with the Yancheng Public Security bureau to improve police capabilities and combat internet crime, according to a statement from the public security bureau in 2019.
“Qi An Xin, directly and indirectly, benefits from the narratives disseminated,” the report concluded, “because that creates a demand for identifying and preventing U.S. cyber operations, which Chinese cybersecurity services are currently offering.”
“To counter concerns about the ‘China threat theory’ that have slowed Huawei’s global expansion, this propaganda campaign emphasizes a ‘U.S. threat theory’ to distract international audiences.”
Qi An Xin and the Ministry of Public Security did not respond to requests for comment.