- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Chinese Info Ops Campaign Tied to PR Firm
Security researchers have uncovered another Chinese information operation using scores of inauthentic news sites and social media assets in an attempt to burnish the country’s image abroad.
Published in 11 languages, the content aims to win over hearts and minds to Beijing’s way of thinking, by discrediting criticism of the genocide in Xinjiang and erosion of democracy in Hong Kong, among other things.
Among the Communist Party critics targeted in the campaign are Chinese businessman Guo Wengui and German anthropologist Adrian Zenz, who is noted for his research on the persecution of Uyghurs, according to Mandiant.
However, perhaps the most notable thing about the campaign is that it appears to use infrastructure owned by local PR firm Shanghai Haixun Technology, a company that advertises “positive energy packages” for clients.
As Mandiant explains in a blog post, the term “positive energy” (正能量) is particularly loaded in China as it’s one used often by the Xi Jinping administration to refer to messages which portray Beijing in a positive light.
As a result, Mandiant named the info ops campaign “HaiEnergy.”
“While we do not currently have sufficient evidence to determine the extent to which Haixun is involved in, or even aware of HaiEnergy, our analysis indicates that the campaign has at least leveraged services and infrastructure belonging to Haixun to host and distribute content,” the firm explained.
“In total, we identified 72 websites (59 domains and 14 subdomains) hosted by Haixun, which were used to target audiences in North America, Europe, the Middle East and Asia.”
The campaign has exclusively used Haixun’s internet infrastructure to publish content and host websites, In fact, those sites also bear several similarities which suggest a coordinated approach, including:
- Nearly all of the English language sites are built with a Chinese-language HTML template
- Several of the sites that include a domain and subdomain are disguised to appear as different, independent sites
- Many of the sites link directly to other sites in the network
- The same articles are often published across multiple sites
If Haixun is playing an active role in this campaign, it would represent the continuation of a trend for threat actors to use “info ops for hire” firms to do their dirty work, Mandiant claimed. The one positive is that on this occasion it does not appear to have paid off.
“We note that despite the capabilities and global reach advertised by Haixun, there is at least some evidence to suggest HaiEnergy failed to generate substantial engagement,” the report concluded.
“Most notably, despite a significantly large number of followers, the political posts promoted by inauthentic accounts we attribute to this campaign failed to gain much traction outside of the campaign itself.”