Google continues to disrupt YouTube and Blogger activity associated with the China-linked Dragonbridge threat actor’s long-running influence operations, with over 10,000 instances taken down in the first quarter of this year alone.
In 2023, the internet giant disrupted over 65,000 YouTube and Blogger instances linked to Dragonbridge, with 50,000 other instances taken down in 2022. To date, Google disrupted over 175,000 Dragonbridge instances.
Also known as Spamouflage Dragon, the threat actor has been active since at least 2019, using a spammy network of thousands of inauthentic accounts on forums, social platforms, and websites to promote narratives in line with China’s political interests.
In 2022, Mandiant uncovered a largely ineffective Dragonbridge campaign targeting rare earth mining companies in Australia, Canada, and the United States, which overall saw limited engagement from real individuals.
According to a new Google report, Dragonbridge’s overall activity consists of low quality content that lacks a political message, with only a small fraction of the observed accounts posting about current events and promoting pro-China narratives.
“These narratives span a wide range of news topics — ranging from elections in Taiwan to the Israel-Hamas war — and include content critical of the US. The content primarily targets Chinese speakers, but some narratives are in English and other languages,” Google explains.
Although the threat actor continued to scale its operation, the activity remained largely ineffective over the past year and a half, with “practically no organic engagement from real viewers” on the over 57,000 YouTube channels disabled in 2023.
“Of the over 900,000 videos suspended, over 65% of their videos had fewer than 100 views, and 30% of their videos had zero views. Despite experimenting with content and producing large amounts of content, Dragonbridge still does not receive high engagement,” Google notes.
Observed engagement, the internet giant says, was mostly inauthentic, coming from other accounts operated by the threat actor.
Across its channels and blogs, the threat actor creates low quality content in reaction to breaking news, especially social wedge issues, or in anticipation of events, and was seen ramping up activity ahead of the 2024 general election in Taiwan.
“The videos were typical of Dragonbridge’s style featuring robotic voiceovers, stock footage and publicly available images. Voiceovers and text overlays in the videos had awkward phrasings suggestive of machine translation,” Google says.
In the days leading up to Taiwan’s general election on January 13, the threat actor posted thousands of videos and comments on YouTube, promoting an allegedly ‘secret history’ document critical of the outgoing President Tsai Ing-wen, but gaining almost no engagement from organic users.
The videos featured AI-generated news hosts, this being the largest Dragonbridge campaign using AI to date. However, the group has been experimenting with generative AI tools to create content for several years, Google says.
The threat actor continues to promote political and social narratives that portray the US in a negative light, after previously targeting the US presidential and midterm elections in 2020 and 2022, respectively.
“Despite their failure to gain traction with an authentic audience, Dragonbridge generates high volumes of content across multiple social media platforms, is persistent, and continues to experiment in their tactics and techniques,” Google notes.
Related: Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says
Related: Cyber Assault on Asian Telecoms Traced to Chinese State Hackers
Related: Chinese Cyberspy Group ‘RedAlpha’ Targeting Governments, Humanitarian Entities
Related: Google Says No Significant Election Influence Campaigns Targeting Its Users
