In an attempt to shift that blame, Dragonbridge’s influence campaign went so far as to create spoofed posts from Intrusion Truth, a mysterious pseudonymous Twitter account that has previously released evidence tying multiple hacking campaigns to China, including those of APT41. The fake Intrusion Truth posts instead falsely tie APT41 to US hackers. Dragonbridge also created an altered, spoofed version of an article in the Hong Kong news outlet Sing Tao Daily pinning APT41’s activities on the US government.
In a more timely example of Dragonbridge’s disinformation operations, it also sought to blame the destructive sabotage of the Nord Stream natural gas pipeline—a key piece of infrastructure connecting European countries to Russian gas sources—on the United States. Mandiant says that claim, which echoes statements from Russian president Vladimir Putin and Russian disinformation sources, appears to be part of a larger campaign designed to sow divisions between the United States and its allies that have opposed and sanctioned Russia for its unprovoked and catastrophic military invasion of Ukraine.
None of those campaigns, Mandiant emphasizes, was particularly successful. Most of the posts had single-digit likes, retweets, or comments at best, the company says. Some of its spoofed tweets impersonating Intrusion Truth have no signs of engagement at all. But Hultquist warns nonetheless that Dragonbridge demonstrates a new interest in aggressive disinformation from pro-China sources, and possibly from China itself. He worries, given China’s widespread cyber intrusions around the world, that future Chinese disinformation campaigns might include hack-and-leak operations that blend real revelations into disinformation campaigns, as Russia’s GRU military intelligence agency has done. “If they get their hands on some real information from a hacking operation,” Hultquist says, “that’s where they become especially dangerous.”
Despite Dragonbridge’s occasional pro-Russian messages, Hultquist says that Mandiant has little doubt of the group’s pro-China focus. The company first spotted Dragonbridge engaged in a fake grassroots campaign to disparage Hong Kong pro-democracy protestors in 2019. Earlier this year, it saw the group pose as Americans protesting against US rare-earth metal mining companies that competed with Chinese firms.
That doesn’t mean Dragonbridge’s campaigns are necessarily the work of a Chinese government agency or even a contractor firm like Chengdu 404. But they’re very likely at least located in China, Hultquist says. “It’s hard to imagine their activity, in its totality, being in any other country’s interest,” says Hultquist.
If Dragonbridge is working directly for the Chinese government, it may mark a new phase in China’s use of disinformation. In the past, China has largely stayed away from influence operations. A Director of National Intelligence report on foreign threats to the 2020 election declassified last year stated that China “considered but did not deploy influence efforts designed to change the outcome of the US Presidential election.” But just last month Facebook, too, says it spotted and removed campaigns of Chinese political disinformation posted to the platform from mid-2021 to September 2022, though it didn’t say if the campaigns were linked to Dragonbridge.
Despite the apparent resources put into Dragonbridge’s long-running operations, its new foray into election meddling looks remarkably ham-fisted, says Thomas Rid, a professor of strategic studies at Johns Hopkins and author of a history of disinformation, Active Measures. He points to abstract phrases, like its call to “root out this ineffective and incapacitated system.” That kind of dull language fails to effectively exploit real wedge issues to exacerbate existing divisions in US society—often best identified by local agents on the ground. “It seems like they didn’t read the manual,” Rid says. “It seems like a remote, amateurish affair done from Beijing.”
But both Rid and Mandiant’s Hultquist agree that Dragonbridge’s relative lack of success shouldn’t be seen as a sign of Americans’ growing immunity to influence operations. In fact, they argue that the deep political divisions in American society may mean that the US is less equipped than ever to distinguish fact from fabrication in social media. “Authoritative sources are no longer trusted,” says Hultquist. “I’m not sure that we’re in a great place right now, as a country, to digest that some major information operation is attributable to a foreign power.”