Digital PR Firms Unmasked in Global Pro-China Influence Operation Network

Cybersecurity researchers have uncovered an extensive network of digital PR firms orchestrating a sophisticated influence operation campaign through hundreds of inauthentic news websites promoting pro-China narratives globally.

Figure 1: GLASSBRIDGE ecosystem

Named "GLASSBRIDGE" by Google's Threat Intelligence Group (TAG), the operation involves four distinct companies that operate networks of fake news sites and newswire services designed to appear as independent media outlets while publishing coordinated content aligned with Chinese state interests.

"These firms bulk-create and operate hundreds of domains posing as independent news websites from dozens of countries," said Vanessa Molter, a researcher at Google TAG. "In reality, they're publishing thematically similar, inauthentic content that emphasizes narratives aligned to the political interests of the People's Republic of China."

Key findings from the investigation include:

Figure 3: “Secret History of Tsai Ing-Wen,” on DURINBRIDGE-operated inauthentic news site

Figure 4: Narratives about then-candidate Lai Ching-te promoted by DRAGONBRIDGE prior to the Taiwanese presidential election

The operation targeted audiences in numerous countries including Australia, France, Germany, India, Japan, Malaysia, Singapore, the United States and others through localized content in multiple languages.

"By using private PR firms, the actors behind these information operations gain plausible deniability, obscuring their role in the dissemination of coordinated inauthentic content," explained Ryan Serabian, a senior analyst at Mandiant who contributed to the investigation.

The websites mix legitimate local news content copied from real outlets with articles republished from Chinese state media, press releases, and targeted narratives on topics like Taiwan, the South China Sea, COVID-19, and other issues aligned with Beijing's political interests.

Google has taken enforcement action by blocking over 1,000 GLASSBRIDGE-operated websites from appearing in Google News features and Google Discover for violating policies against deceptive behavior and requirements for editorial transparency.

While researchers cannot definitively attribute who commissioned these services, they assess the firms may be taking direction from a shared customer orchestrating the distribution of pro-China content through this network of imitation news websites.

The discovery of GLASSBRIDGE highlights how information operations increasingly leverage legitimate-appearing commercial firms and news services to spread coordinated messaging while maintaining deniability - a tactic also observed in Russian campaigns.

"These inauthentic news sites illustrate how information operations actors have embraced methods beyond social media in an attempt to spread their narratives," noted Molter. "By posing as independent local news outlets, they can tailor content to specific regional audiences while concealing the coordinated nature of the operation."

Google has stated it will continue monitoring GLASSBRIDGE activity and blocking policy-violating content as part of its ongoing efforts to combat coordinated influence operations across its platforms.

Visit our website to get cybersecurity updates like this, thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: