Cyber security news for all

More

    Google Dismantles Influence Campaigns Linked to China, Indonesia, and Russia

    Google has disclosed its recent efforts to dismantle coordinated influence operations involving 1,320 YouTube channels and 1,177 Blogger blogs connected to the People’s Republic of China (PRC).

    “The orchestrated, inauthentic network disseminated content in Chinese and English concerning China and U.S. foreign affairs,” stated Billy Leonard, a researcher with Google’s Threat Analysis Group (TAG), in the company’s quarterly bulletin released last week.

    Additionally, Google terminated several Ads, AdSense, and Blogger accounts tied to two coordinated influence operations originating in Indonesia. These operations shared content supportive of the ruling party in the country.

    Another significant cluster dismantled by Google included a network of 378 YouTube channels. This network, traced back to a Russian consulting firm, propagated content that favored Russia while denigrating Ukraine and the West.

    The company further terminated an AdSense account and blocked 10 domains from appearing in Google News and its Discover feed for mobile devices. These domains produced content in English and Norwegian on various topics such as food, sports, and lifestyle. According to Google, the operation linked to individuals from the Philippines and India was financially motivated.

    Other prominent violators taken down include:

    • A network of 59 YouTube channels linked to Pakistan that shared Urdu language Shorts critical of Pakistani political figures.
    • A network of 11 YouTube channels linked to France that shared French language content critical of French political figures.
    • A network of 11 YouTube channels linked to individuals in Russia that shared content supportive of Russia and critical of Ukraine.
    • Two YouTube channels linked to Myanmar that shared English/Burmese language content supportive of the Burmese military government and critical of pro-independence groups.

    This development follows revelations by OpenAI and Meta that they disrupted an influence operation orchestrated by a Tel Aviv-based political marketing firm called Stoic. This operation aimed to propagate pro-Israel messaging in the U.S. and Canada amid the ongoing conflict in Gaza. The campaign commenced in October following the outbreak of war between Israel and Hamas.

    “This network commented on Facebook Pages of international and local media organizations, as well as political and public figures, including U.S. lawmakers,” Meta noted late last month. “Their comments included links to the operation’s websites and were frequently met with critical responses from authentic users calling them propaganda.”

    “They primarily posted in English about the Israel-Hamas war, including calls for the release of hostages, praise for Israel’s military actions, and criticism of campus antisemitism, the United Nations Relief and Works Agency (UNRWA), and Muslims, asserting that ‘radical Islam’ poses a threat to liberal values in Canada.”

    Meta informed CyberScoop that it linked the activity to Stoic based on a “combination of technical and behavioral indicators,” without sharing additional specifics.

    According to a report published by The New York Times last week, the covert influence-for-hire campaign was commissioned by Israel’s Ministry of Diaspora Affairs, citing four Israeli officials who stated that the government body allocated around $2 million to the operation.

    This is not the first time shadowy Israeli companies have been caught engaging in disinformation campaigns. In early 2023, the Forbidden Stories consortium uncovered an “ultra-secret” entity named Team Jorge, which offers “influence and manipulation services to the highest bidder.”

    The disclosures also come after a Microsoft advisory delving into Russia’s escalating malign disinformation campaigns against France and the 2024 Summer Olympic Games. Some of these campaigns have used artificial intelligence (AI)-generated audio clips to advance pro-Kremlin narratives.

    It’s notable that the International Olympic Committee (IOC), while allowing qualifying athletes from Russia and Belarus to compete in the multi-sport event as “Individual Neutral Athletes,” has barred them from participating in the opening ceremony in light of the war in Ukraine.

    Last October, the IOC’s executive board suspended the Russian Olympic Committee “with immediate effect until further notice” following its decision to include as members regional sports organizations from four Ukrainian territories illegally annexed by Russia since the onset of the war in February 2022. In February, Russia lost its appeal against the ban.

    “If they cannot participate in or win the Games, they seek to undercut, defame, and degrade the international competition in the minds of participants, spectators, and global audiences,” Redmond said.

    Google-owned Mandiant and Recorded Future, in two separate analyses, characterized the sporting event as a “target-rich environment” facing a broad range of cyber threats, from ransomware and hacktivist attacks to nation-state actors conducting espionage and influence operations.

    “The Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations,” Mandiant researchers Michelle Cantos and Jamie Collier pointed out.

    The actor behind the defamation campaign against the IOC is being tracked by Microsoft under the moniker Storm-1679. The company added that these goals also seek to instigate public fear to deter spectators from attending the event altogether through fabricated videos alleging possible terrorism threats.

    Another Russia-linked threat actor, Doppelganger (aka Storm-1099), has ramped up its anti-Olympics messaging in the past two months. This actor has used a cluster of 15 French language news sites to spread claims of rampant IOC corruption and potential violence at the Games.

    “The Kremlin’s propaganda and disinformation machine is unlikely to hold back in leveraging its network of actors to undermine the Games as the Olympics draw near,” the Microsoft Threat Analysis Center (MTAC) said.

    “Actors are likely to use a mix of propaganda facilitated by generative AI across social media platforms to continue their campaigns against France, the IOC, and the Olympic Games.”

    Recent Articles

    Related Stories