Security Experts:

Connect with us

Hi, what are you looking for?



Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia

Mandiant’s security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in Australia, Canada, and the United States.

Mandiant’s security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in Australia, Canada, and the United States.

Active since at least 2019, Dragonbridge has been using a network of thousands of inauthentic accounts on social platforms, websites, and forums to promote narratives in support of China’s political interests.

More recently, the threat actor has started a social media campaign focused on rare earth mining companies, including Lynas Rare Earths Ltd (Australia), Appia Rare Earths & Uranium Corp (Canada), and USA Rare Earth.

As Mandiant notes, the targeted industry is of strategic significance to China, with the three victim companies challenging the country’s supply chain dominance in the industry. Rare earth metals represent a critical component of consumer and military products, including aircraft engines and missile guidance systems.

The targeting of these companies falls in line with recent events that clearly impacted China: Lynas, the largest rare earths mining and processing company outside China, has signed a contract with the US Department of Defense for the construction of a Texas processing facility, USA Rare Earth is planning a processing facility in Oklahoma, and Appia has discovered a new rare earths bearing zone.

As part of the influence campaign, fake accounts, including some pretending to be of Texas residents, were used to call for protests and critique President Biden’s invocation of the Defense Production Act on March 31, 2022, to accelerate the production of critical minerals in the US.

“While the activity we detail here does not appear to have been particularly effective and received only limited engagement by seemingly real individuals, the campaign’s microtargeting of specific audiences suggest the possibility of using similar means to manipulate public discourse surrounding other U.S. political issues to the PRC’s advantage,” Mandiant noted.

The campaign claimed that the building of a rare earths processing facility in Texas would have a negative impact on the environment, exposing the local population to radioactive contamination and health problems.

The suspected inauthentic accounts posted messages on Twitter and on the public Facebook group “STOP LYNAS! NO to Lynas Exporting and Creating Another Toxic Legacy,” but received little engagement.

The posts were mainly in English, with some of the content in Chinese and Malay. The threat actor posted photos of Malaysian demonstrations against Lynas due to controversy regarding the disposal of radioactive waste at its facility in Kuantan. The influence campaigns targeting Appia and USA Rare Earth started in June.

“Accounts leveraged commentary by real individuals, such as U.S. politicians and commentators, to support their arguments against Lynas, its planned processing facility in Texas, and the Biden administration’s decision to expedite production of critical minerals,” Mandiant noted.

The security researchers discovered that the threat actor had created new accounts to promote the same narratives promoted by previously identified Dragonbridge accounts, all of which have shown similar indicators of inauthenticity and coordination, such as the use of photos from online sources, the use of seemingly random numeric strings in account names, and the creation of accounts in clusters.

“In addition to the accounts’ posting of identical or similar rare earths-related content, we also observed some of the accounts post identical or similar apolitical content, such as inspirational quotes, wellness, travel, and sports content,” Mandiant said.

Related: Facebook Battles Cyber Campaigns Targeting Ukraine

Related: Facebook Adapts Defenses as Deception Campaigns Go Stealth

Related: Russia-Linked ‘Ghostwriter’ Disinformation Campaign Tied to Cyberspy Group

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Supply Chain Security

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...