You are using an older browser version. Please use a supported version for the best MSN experience.

China strives to ramp up election influence this year

The Washington Post logo The Washington Post 10/27/2022 Tim Starks, Aaron Schaffer

Welcome to The Cybersecurity 202! My cat Julius “Jules” Jonas Jonah Jameson is awfully affectionate, but when he gets enthused about a new toy, it’s like I hardly exist, and I am but a vehicle to manipulate to his whims. This has been going on for several days now. Cat father < a decommissioned swimming trunks drawstring.

Below: The White House launches a cybersecurity sprint for the chemical sector, and the U.S. government sanctions alleged recruiters for Iranian hackers. First:

China and allied groups are emerging as election troublemakers

Chinese President Xi Jinping speaks at a press event in Beijing, China. (Photo by Kevin Frayer/Getty Images) © Kevin Frayer/Photographer: Kevin Frayer/Getty Chinese President Xi Jinping speaks at a press event in Beijing, China. (Photo by Kevin Frayer/Getty Images)

A pro-China influence campaign pushed messages on social media seeking to discourage U.S. voters from casting ballots in the midterms, security researchers said Wednesday.

The group, nicknamed “Dragonbridge,” has criticized U.S. society before, but “its targeting of the U.S. political system through attempts to discourage Americans from voting shows a willingness to use increasingly aggressive rhetoric,” according to Mandiant, a cybersecurity firm Google acquired last month.

The research adds to a mounting body of evidence that the Chinese government and groups championing Chinese aims are quite interested in playing a hand in the 2022 elections. What do they hope to get out of it? Undermining the U.S. democratic system while boosting China.

Beijing has embraced a strategy to strengthen its “discourse power,” its term for the ability to achieve more global influence.

“One of discourse power’s central themes, and what Chinese policymakers talk openly about, is that the West’s governance model is disorganized, chaotic and frankly incapable of addressing the world’s 21st century problems,” Craig Singleton, a senior fellow at the Foundation for Defense of Democracies think tank, told me. “Those were all themes that were addressed in that social media campaign,” he said, referring to Dragonbridge.

Another clue

Mandiant’s Dragonbridge report came on the heels of other signs that China and pro-China groups are trying to stir things up in the run-up to the midterms.

  • The Cybersecurity 202 reported last week that the FBI was warning political party organizations that apparent Chinese government-affiliated hackers were scanning their systems, a potential precursor to hacking operations.
  • Also this month, the cybersecurity company Recorded Future released a report that examined a Chinese state-sponsored influence campaign designed to divide U.S. voters, which the firm said signified “a shift in tactics from previous US elections, where China’s influencers were less active in attempts to influence US voters.”
  • Facebook and Instagram parent Meta said in September it had taken down a small network of fake accounts originating from China and targeting U.S. voters on both sides of the aisle, focused on domestic politics ahead of the midterms. “Chinese influence operations that we’ve disrupted before typically focused on criticizing the United States to international audiences, rather than primarily targeting domestic audiences in the US,” the company explained.
  • Also this week, the social media analytics company Alethea Group said it “had identified at least 165 Twitter accounts, presenting as Americans on both sides of the U.S. political aisle, that posted politically polarizing content related to the 2022 U.S. midterm elections” and resembled the work of Dragonbridge.

There’s little evidence any of those efforts accomplished much. For instance, the Chinese hackers didn’t appear to breach any of the political party targets they scanned. But the mere existence of such would-be meddling attempts reveal intriguing dynamics.

In the case of Dragonbridge, “there’s no evidence that suggests they've been successful in changing hearts and minds,” Sandra Joyce, head of global intelligence for Mandiant, told me. “But what to me is very interesting is they’re incredibly resilient. They continue to put out content and they continue to scale their operations even though they’ve been detected worldwide.”

From 2020 to 2022

What’s less clear is why China might be choosing now to step up its activity. Beijing has broadly and routinely denied allegations of malfeasance in cyberspace.

China didn’t interfere in the 2020 presidential election, and contemplated but didn’t proceed with influence operations that cycle, a U.S. intelligence community assessment concluded. The assessment said China likely reasoned that it wouldn’t benefit from either presidential candidate taking office more than the other. The same report said Russia and Iran, however, meddled in the U.S. presidential race in one way or another.

What little evidence there was of Chinese election interference in 2020 was indirect. A U.S. intelligence official said ahead of that Election Day that China “is expanding its influence efforts to shape the policy environment in the United States, pressure political figures it views as opposed to China’s interests, and counter criticism of China. Beijing recognizes its efforts might affect the presidential race.”

(There are other, prior signs of China making moves on social media or with cyberespionage in past elections, but with substantial differences from the 2022 cycle examples.)

The midterms have lower stakes, globally — which may actually have made them an inviting target for low-level operations, according to Norma Krayem, vice president and chair of Van Scoyoc Associates’ cybersecurity, privacy and digital innovation practice group.

“The 2022 elections are an easy way for them to have a test case to see how successful they can be,” Krayem, who has held executive branch posts, told me.

For Singleton, who doesn’t see a major difference between China’s 2020 and 2022 activity,  any increased Chinese willingness to mess with U.S. elections reflects the slow degeneration of Sino-American relations and China’s resulting embrace of different tactics.

“It’s clear that in the last 18 months or so, China understands that U.S.-China relations are not going to be improving anytime soon,” he said. “As Beijing has come to that realization, I think it’s willing to take more risks, and I think it’s willing to engage in this more extreme form of discourse warfare to achieve its political objectives.”

The keys

White House announces cybersecurity sprint for chemical sector

The Biden administration has launched similar initiatives for other critical sectors. (Sarah Silbiger for The Washington Post) © Sarah Silbiger/For The Washington Post The Biden administration has launched similar initiatives for other critical sectors. (Sarah Silbiger for The Washington Post)

The 100-day initiative aims to boost chemical operators’ focus on the biggest risks from cyberattacks, increase information sharing and encourage manufacturers to improve their ability to detect threats, CyberScoop’s Christian Vasquez reports. It’s the latest sprint that the Biden administration has launched for a critical sector.

“The sprints were first launched as a pilot with the electric sector in April 2021 and followed up with the pipeline, water and railway sectors,” Vasquez writes. “Biden’s memorandum on improving critical infrastructure control systems codified the exercises and amounted to a rare moment for the White House to acknowledge industrial control cybersecurity.”

Biden administration sanctions alleged recruiters for Iranian hackers


The U.S. government sanctioned Iranian cybersecurity and hacking school Ravin Academy and its co-founders, Seyed Mojtaba Mostafavi and Farzin Karimi, who are members of Iran’s Intelligence Ministry, according to the Treasury Department. The Biden administration also sanctioned an Iranian firm, Samane Gostar Sahab Pardaz Private Limited Company, which it said is one of Iran’s “main operators of social media filtering services.”

They’re the latest batch of sanctions targeting internet- and cybersecurity-related Iranian firms and people in the wake of protests following the death of Mahsa Amini in the custody of Iran’s “morality police” 40 days ago

Alleged dark net market operator arraigned

Daniel Kaye is accused of being an operator behind “TheRealDeal” dark net marketplace, a platform where stolen credentials for U.S. government systems, hacking tools, drugs and weapons were allegedly bought and sold, the Record’s Jonathan Greig reports

Last month, Kaye “consented to his extradition from Cyprus to the United States,” the Justice Department said. He previously spent more than two-and-a-half years in a British prison for his role in overwhelming Liberia with internet traffic in a 2016 distributed denial-of-service attack.

Cyber insecurity

Indianapolis Housing Agency responds to massive system-wide ransomware attack (Indianapolis Star)

OpenSSL to patch first critical vulnerability since 2016 (SecurityWeek)

Securing the ballot

Nevada county begins conspiracy-inspired ballot hand count (Associated Press)

Privacy patch

Inside TheTruthSpy, the stalkerware network spying on thousands (TechCrunch)

Global cyberspace

State and local governments continued to buy Chinese telecom gear despite warnings (Axios)


  • The Information Security and Privacy Advisory Board meets today.
  • National Cyber Director Chris Inglis and Anne Neuberger, the deputy national security adviser, speak at a Center for Strategic and International Studies event today at 10 a.m.
  • Mandiant senior manager Jason Atwell speaks at a CRDF Global event on the theft of intellectual property fueling weapons of mass destruction proliferation today at 10 a.m.
  • Rob Silvers, the undersecretary for policy at DHS, discusses cybersecurity initiatives at a Center for Strategic and International Studies event on Friday at 11 a.m.

Secure log off

Thanks for reading. See you tomorrow.


More From The Washington Post

The Washington Post
The Washington Post
image beaconimage beaconimage beacon