A Chinese connected cybercrime crew known as APT41 is engaging in a large-scale disinformation campaign dubbed Dragonbridge to negatively influence the upcoming U.S. midterm elections by using a wide variety of tactics, security provider Mandiant said in a new blog post.
Mandiant said it assesses with “high confidence” the hackers attempting to create conflict between the U.S. and its allies for the benefit of China’s state-backed operatives. Similar activities occurred, with far less prior notice, in the 2016 presidential election with similar attempts made but blocked in the 2020 national election.
Dragonbridge's Operational Tactics
Dragonbridge is believed to have posted a video in September asserting that “the solution to America’s ills is not to vote for someone… to “root out this ineffective and incapacitated system,” Mandiant reported.
According to Mandiant, some of the activities include the following:
- Claims that the China-nexus threat group APT41 is instead a U.S. government-backed actor
- Attempts to discredit the U.S. democratic process, including attempts to discourage Americans from voting in the 2022 U.S. midterm elections
- Allegations that the U.S. was responsible for the Nord Stream gas pipeline explosions. U.S. and European leaders have blamed Russia for the leaks
“While we have previously observed Dragonbridge themes involving alleged malicious U.S. cyber activity, fabrications regarding APT41 as American in origin appear to be an escalation in the degree of implied U.S. operations,” Mandiant wrote.
Impersonation and Plagiarism Detected
The group has also experimented with other tactics, Mandiant said, including:
- Impersonation of cyber actors. The campaign was known to target China-nexus cyber threat actors to promote its own cyber-related narratives.
- Plagiarism and alteration of news articles. Dragonbridge altered news articles to create fabricated content that falsely attributed APT41 as a U.S. government-backed actor, then spread that content across social media and other outlets.
- Posing as members of target audience. The campaign also expanded its use of personas posing as Americans by using first-person pronouns.
Despite its aggressive tactics, one of the group’s tactics, attempting to discourage Americans from voting, has largely failed to take root, Mandiant said.
“Its effectiveness remains encumbered by poor execution,” the company said.
John Hultquist, who heads Mandiant’s threat intelligence unit, added:
“(Dragonbridge) campaign is not the most effective operation, and they are still a distant third behind Russia and Iran. What’s troubling is their aggressive growth.”
