Researchers have found a China-based PR firm actively supporting a Chinese misinformation campaign by hiring freelancers through Fiverr to promote its content.
The campaign has also adopted new tactics, like using newswire services to distribute pro-China content on legitimate U.S.-based news outlet subdomains.
In August 2022, researchers at Mandiant reported on Chinese misinformation campaign known as “HaiEnergy,” attributed to the Chinese PR firm Shanghai Haixun Technology Co., Ltd (Haixun).
This HaiEnergy Chinese misinformation campaign involved using a network of over 72 fake news sites and suspected social media accounts to promote content aligned with China’s political interests.
There’s even a possibility that the HaiEnergy campaign placed a pro-China ad on a billboard in New York City’s Times Square.
What is HaiEnergy, the Chinese misinformation campaign?
A notable aspect of the HaiEnergy campaign is the evidence suggesting that HaiEnergy may have financed two staged protests in Washington, D.C.
The HaiEnergy campaign used these protests as source material to promote narratives related to divisive U.S. domestic issues and criticize the U.S. Government’s decision to ban goods from China’s Xinjiang region.
Researchers at Mandiant discovered additional dissemination methods used by HaiEnergy, including two “press release” services: “Times Newswire” and “World Newswire.”
At least 32 subdomains of genuine U.S.-based news outlets were found to be linked to a company called FinancialContent, Inc., although there’s no evidence to suggest the outlets themselves were compromised.
“When we released our initial report, we were unable to determine the extent to which Haixun was involved in, or even aware of this campaign, as our visibility was limited to the campaign’s use of infrastructure linked to the company,” said the Mandiant report.
“In recent months, however, we have identified additional evidence suggesting Haixun is not only aware of the campaign but is actively supporting it through the solicitation of for-hire freelancers via Fiverr to promote campaign content.”
Haixun likely outsourcing content promotion
Recent observations on Fiverr indicate that Haixun is likely outsourcing content promotion for the campaign.
The company appears to be engaging individuals to spread content consistent with HaiEnergy’s political narratives and sourced from the campaign’s infrastructure.
Mandiant identified two clusters of suspected Twitter accounts promoting source material from HaiEnergy-linked sources. One cluster tweeted links to articles from the campaign, while the second cluster replied to these tweets, pretending to be authentic engagement.
There’s evidence suggesting that HaiEnergy may have financed staged protests in Washington, D.C., which were used to support its narratives.
Additionally, the HaiEnergy campaign referenced a billboard ad in New York City’s Times Square, though the connection to HaiEnergy is not confirmed.
While HaiEnergy and DRAGONBRIDGE are tracked as separate campaigns, some themes and tactics overlap. Further investigation is ongoing to understand the relationship between the two campaigns.
HaiEnergy has attempted to maximize its impact by outsourcing aspects of the campaign and financing staged protests. Despite these efforts, the HaiEnergy campaign has struggled to gain substantial engagement from authentic users. It is evident that threat actors are evolving their strategies to achieve more significant influence.
The HaiEnergy campaign, linked to the Chinese PR firm Haixun, uses various tactics to spread pro-China content to U.S. audiences, including through fake news sites, social media accounts, and newswire services.
The campaign’s possible financing of staged protests and offline ad placement is a notable escalation in its tactics.
However, despite these efforts, the campaign’s reach has been limited, and researchers continue to investigate its activities and connections with other campaigns.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
