Dissecting China’s Information Operations with Threat Intelligence, presented at CODEBLUE2020

by Che Yeh

Summary: In this talk, we will focus on Information Operations (InfoOps) on social media platforms. InfoOps involve a coordinated dissemination of propaganda and disinformation aiming to influence a region’s politics. TeamT5 Inc., as a cyber security firm based in Taiwan, has been investigating China’s InfoOps since 2016.

By adopting the mindset of threat intelligence, we have managed to illustrate the InfoOps threat landscape in Taiwan as well as identify several threat actors on SNS. We summarized China’s InfoOps tactics into an attack graph. The authoritarian regime’s InfoOps tactics span a wide range of approaches, including: (1) propaganda by state media; (2) political content farms and spam botnets operated by marketing firms; and (3) mobilization of patriotic netizens (a.k.a. Little Pink) to conduct verbal attacks or doxxing against dissidents.

More importantly, we believe APT actors might have entered the InfoOps threat landscape. In July 2020, we identified an InfoOp that can be linked to a notorious Chinese APT group.

Due to the fast-changing nature of SNS, it is often difficult to identify the threat actors before they cause widespread disinformation that can wreak havoc. In this case, we believe threat intelligence can provide instant insight into actor methodologies and expose potential risks.