Chinese Disinformation Group Targeted Pelosi’s Taiwan Visit
Efforts to attack critics of the PRC online have expanded in recent months.
As international attention focused on U.S. House Speaker Nancy Pelosi’s visit to Taiwan this week, a Chinese disinformation campaign used fake news sites and fake social media accounts to try to undermine US-Taiwanese relations. It’s the work of a new group that has used similar methods to promote false information on everything from the recent Supreme Court abortion ruling to bioweapons in Ukraine.
U.S. cybersecurity company Mandiant discovered that the Chinese group, dubbed HaiEnergy, had published “two articles critical” of Pelosi, D-Calif., “in response to reports that she may visit Taiwan in early August. The articles [published on August 1] assert that Pelosi should ‘stay away from Taiwan’ and highlight perceived tarnished relations between the U.S. and Taiwan,” Mandiant said in a blog post released Thursday.
The HaiEnergy group published fake articles across a variety of fake news outlets. HaiEnergy also attacked former U.S. Secretary of State Mike Pompeo’s trip to Taiwan in March, using fake Taiwanese news sites, and pushed the narrative that the United States would be an unreliable partner to Taiwan in the event of a Chinese invasion.
The group has also spread false information in Ukrainian, claiming that the United States was conducting biowarfare experiments in Ukraine that resulted in deaths. They’ve run articles in English claiming that pro-choice protestors in the United States met with police violence after the recent Supreme Court decision.
The group is also behind numerous posts and articles targeting academics who openly discuss China’s numerous and well-documented human rights abuses in Xinjiang, Mandiant asserts.
In one such occurrence, the group apparently created fake letters purporting to show that German anthropologist Adrian Zenz was receiving money from U.S. government sources. The group first tweeted a photo of the fabricated letter, which contained spelling and grammatical errors, and then used a fake Swiss news site to “report” on the tweet.
“The tweet and one of the letters argued that Zenz received financial support from U.S. Sen. Marco Rubio [R-Fla.] and former White House Chief Strategist Steve Bannon. The other two letters implied that the financial support came from grants awarded to Zenz from the Victims of Communism Memorial Foundation in 2020 and 2021,” according to Mandiant.
In a message to Defense One, Zenz said “These letters and claims are fraudulent. I have never actually met either Marco Rubio or Steve Bannon in person, and never received letters from them. Since late 2019, I have been paid by the VOC as a part-time independent contractor, but not the amounts shown, and the posted letters are fraudulent.” He continued “Attacking my motivation has been a primary strategy of the Chinese state, because they cannot successfully attack my research, which is almost entirely based on their own documentation.”
It’s not the first Chinese information campaign Mandiant has caught recently. In June, Mandiant traced a coordinated information campaign around rare-earth minerals back to a separate Chinese group called DRAGONBRIDGE, but Mandiant believes the tactics and digital infrastructure used in both cases suggests that they are separate efforts.
HaiEnergy appears to be related to a China-based PR firm called Haixun. Mandiant says they don’t yet have enough evidence to show Haixun is intentionally involved. However, the fake news sites use hosting services from the PR company.
“Our analysis indicates that the campaign has at least leveraged services and infrastructure belonging to Haixun to host and distribute content. In total, we identified 72 websites (59 domains and 14 subdomains) hosted by Haixun, which were used to target audiences in North America, Europe, the Middle East, and Asia,” Mandiant reports.
During Pelosi’s visit, the Taiwanese government was hit with a coordinated denial of service attack to block web users from accessing sites, which lasted for about 20 minutes, according to reports.
“The situation in Taiwan has already led to cyber threat activity, some of which is apparent, like [denial of service] attacks on websites in Taiwan. Two Chinese information operations we track have shifted their narratives in recent days to a focus on U.S. House Speaker Pelosi’s expected visit and the supposed dangers of the situation. We anticipate that Chinese actors are also carrying out significant cyber espionage against targets in Taiwan and the U.S. to provide intelligence on the crisis,” John Hultquist, the vice president of intelligence analysis at Mandiant, said in a statement that coincided with the visit.
“Chinese actors have responded with cyber attacks to political crises like the Belgrade embassy bombing and the Hainan island incident in the past, but compared to their peers, they have not heavily leveraged this capability. On rare occasion, Chinese state actors have been linked to [denial of service] capability, destructive attack, and possible probing of critical infrastructure. Nonetheless, we believe China is capable of significant cyber attacks inside Taiwan and abroad.”