Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Pro-China Disinformation Campaign Traced to PR Firm

'Positive Energy' Op Targets North America, Europe, the Middle East and Asia
Pro-China Disinformation Campaign Traced to PR Firm
The Hall of Supreme Harmony within the Forbidden City in Beijing (Photo: Denny Jarvis via Flickr/CC)

The Chinese government appears to be outsourcing an online disinformation campaign to a public relations firm, say cybersecurity researchers in a study of a newly uncovered network of inauthentic news sites and suspect social media handles.

See Also: The Expert Guide to Mitigating Ransomware & Extortion Attacks

Analysts from Mandiant say they found 72 inauthentic news websites all with connections to Shanghai Haixun Technology Co., a Chinese PR firm that advertises "positive energy packages."

Among its offerings are a "Europe and U.S. Positive Energy" package with content ostensibly geared to English speakers. The term "positive energy" has assumed freighted meaning in the era of Chinese leadership under Xi Jinping, coming to mean Chinese Communist Party boosterism. Mandiant assigned the moniker "HaiEnergy" to the disinformation campaign.

Mandiant says no evidence definitely ties Haixun to HaiEnergy but the campaign relies exclusively on the firm's online infrastructure - for example, by using a common server to host images and videos. At one point, haixunpr.org hosted a downloadable spreadsheet listing some of the sites Mandiant judges to be part of the campaign.

Turning to a PR firm rather than using government personnel to disseminate disinformation is increasingly common, write Mandiant researchers. It can make the campaign content more accessible and helps obfuscate the identity of the true actor. A 2021 assessment of Chinese disinformation by the Rand Corp. concluded its main target to date has been Taiwan and has "achieved mixed and somewhat limited results."

HaiEnergy sites present themselves as independent news outlets from different regions across the world and publish content in around 11 languages. The sites target users in North America, Europe, the Middle East and Asia with sites written in English, Arabic, French, Chinese and other languages. They attempt to reshape perceptions around topics such as Xinjiang, a Uyghur-dominated area of northwest China where the United States accuses Beijing of committing genocide.

Multiple recent HaiEnergy articles are critical of House Speaker Nancy Pelosi's visit to Taiwan. "The authorities tried to withdraw Pelosi to avoid danger But Pelosi insisted on seeking historical positioning and dragged the whole Taiwan into a fire pit," ran the headline of one article.

One article portrayed the United States as an unreliable ally and argued that Taiwan can't depend on American military protection in the event of a Chinese invasion. The supposed diplomatic and military isolation of Taiwan is a regular theme of Chinese disinformation, the Rand report notes.

The campaign also uses social media profiles on multiple platforms, including the alleged authors and putatively independent accounts that promote the articles.

If there's one upside, it's that HaiEnergy likely fails in its primary objective of influencing people. Most of the social media heat generated around the articles comes from sock puppet accounts, making the campaign essentially one giant echo chamber, Mandiant researcher write.

Coordinated Campaign

One of the signs of a coordinated campaign among the 72 websites - besides drawing on the same server for video and images - is that they're built with the same Chinese-language HTML template.

Some of the web domains involved have subdomains where the content is completely unrelated to the top level. Mandiant researchers spotted the domain trademarksdaily.com presenting itself as a putative English-language site whereas the now-defunct subdomain automobile.tradesmarksdaily.com presented itself as a Russian-language site.

In addition, many of the sites simply link to each other, typically at the bottom of their pages. They also tend to run the same content taken from Chinese and Russian state-controlled media outlets.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.