Skip links

Today’s ‘China is misbehaving online’ allegations come from Google, Meta

Meta and Google have disclosed what they allege are offensive cyber ops conducted by China.

The Social Network™ used its Quarterly Adversarial Threat Report [PDF], published Thursday, to report it booted 4,789 Facebook accounts for violating its policy against coordinated inauthentic behavior.

The operators of the accounts used names and profile pics harvested from the internet, posed as Americans, and shared the same content across multiple platforms.

Their output often consisted of content cut and pasted from X/Twitter. Other posts offered “news articles from mainstream US media and reshared Facebook posts by real people, likely in an attempt to appear more authentic.”

Some of the reshared content was “political,” but other posts covered gaming, history, fashion models, and pets.

The op wasn’t pro-Beijing, but Meta found in mid-2023 “a small portion of this network’s accounts changed names and profile pictures from posing as Americans to posing as being based in India.”

After changing location, the accounts started to like and comment on posts that made wild allegations about exiled Tibetan spiritual leader the Dalai Lama.

The same posts were on the radar of a further 13 accounts and seven Groups that Meta also booted from Facebook.

In Meta’s estimation, these networks and individuals originated in China and targeted primarily India and the Tibet region, with some action directed at the US.

Meta’s not alone in concluding that China likes to use social platforms to advance its cause. Think tank the Australian Strategic Policy Institute this week claimed much the same: Beijing uses friendly influencers to tell its story at home and abroad.

Google’s Thursday contribution to China-related infosec news came in the form of remarks by Kate Morgan, a senior engineering manager at the search giant’s threat analysis division, to the effect that Beijing has increased the volume and sophistication of attacks aimed at Taiwan.

Morgan described a “massive increase” in activity over the last six months, suggesting SOHO routers are being subverted to conduct other attacks – with tech companies, clouds, defense outfits, government, and almost any other entity with a pulse being targeted.

Google apparently tracks over 100 attack groups it thinks are Beijing-backed, Morgan told Bloomberg. The Register has asked Google for more detail on its observations and will update this story if we receive useful info. ®

Source