Republican Sen. Marco Rubio of Florida speaks during a Senate Appropriations Subcommittee hearing in Washington, D.C., on May 26, 2021. (Stefani Reynolds/Bloomberg)
Multiple news websites and social media accounts that claim to be independent have links to a Chinese public relations firm, according to the security firm Mandiant Inc. Some of them have allegedly published fabricated content, including a fake letter from a U.S. senator.
Mandiant said it detected 72 news sites and several social media accounts that are part of an propaganda effort intended to "disseminate content strategically aligned with the political interests of the People's Republic of China." The campaign focused on political enemies of the Chinese government, the Xinjiang region and criticism of the U.S., the report said.
The websites, which present themselves as U.S. news outlets, were built using Chinese code, according to the report. Mandiant announced in March that it is being acquired by Google, a deal that is expected to close by the end of the year.
In one instance, a Twitter account linked to the campaign posted a fabricated letter purporting to come from the office of Sen. Marco Rubio, the Republican from Florida. It was addressed to Adrian Zenz, a prominent critic of the Chinese government's systematic imprisonment of Uyghurs in Xinjiang. The letter falsely claimed that Zenz received financial support from Rubio and right-wing political operative Steve Bannon.
The Chinese Embassy in the U.S. didn't respond to a request for comment.
"I am not surprised that I was targeted by China once again," Rubio said, in a statement provided to Bloomberg News. "It is important to expose these networks. Even sloppy efforts can cause confusion, and you can be certain the Chinese Communist Party will continue to slander its opponents in increasingly sophisticated ways."
Zenz said the letter was bogus. “Attacking my motivation has been a primary strategy of the Chinese state because they cannot successfully attack my research, which is almost entirely based on their own documentation,” he said, in a message to Bloomberg.
The campaign, which Mandiant dubbed HaiEnergy, wasn't particularly successful, failing "to generate substantial engagement outside of the inauthentic amplification that we have identified," the researchers said. What makes this campaign stand out among past information operations linked to China is the involvement of a public relations firm, Mandiant said. The report didn't directly link any of the inauthentic activity to the Chinese government.
The public relations firm, Shanghai Haixun Technology Co., hosted the domains used in the campaign, according to Mandiant, though researchers couldn't determine if the Chinese firm was aware of the full extent of the propaganda effort. On its website, Haixun offers content creation for "positive energy" geared toward English-speaking audiences. It purports to offer content creation in over 40 different languages.
A representative for Haixun said Mandiant's claims were "nonsense" and that the campaign described in the cybersecurity firm's report didn't exist. Haixun was just a media distribution platform that worked with Chinese companies, the representative said when reached by phone.
China's government has repeatedly denied claims it was behind cybersecurity attacks, saying the U.S. was a bigger violator.
"We do know now that the private sector is involved to some extent in this game," said John Hultquist, vice president of intelligence analysis at Mandiant. "Even though right now this isn't the most effective program, they're clearly invested in it, and I think that the geopolitical realities are such that we have to keep a close eye on it."
By leveraging a public relations firm to publish inauthentic articles and social media posts, Hultquist said, it gives the perpetrators the ability to obscure their responsibility. "I think more and more players are going to rely on firms like this to do these types of operations," he said.
