Got the ICCk
Welcome to Memetic Warfare.
Let’s get this party started with the rare type of Doppelganger research that I like to see, check it out here.
This report, from Daniel Rakov, covers Doppelganger specifically in the context of Israel, and provides a deep dive with a lot of added cultural context and information. This is the type of hyper-focused DG research with something new to say that I’d like to see going forward.
For those interested in more Doppelganger coverage, check out Reset.Tech’s report on a cluster of accounts exploiting verification on Twitter, available here.
The next big headline was the announcement of OFAC sanctions on the Chinese company “Sichuan Silence Information Technology”, a software and cyber contractor for Chinese government agencies. You may recall Sichuan Silence from their one influence operation that they ran that Meta took down back in 2021.
Sichuan Silence, and one specific employee named Guan Tianfeng, were sanctioned due to their vuln dev on firewalls, including over 23,000 compromised firewalls in the US, with 36 protecting critical infrastructure.
The most interesting part here is the final sentence. Guan apparently dabbled in dropping ransomware, and apparently tried to deploy some against an American energy company that was drilling at the time. If the attack hadn’t been detected, according to OFAC, the oil rigs employed could have malfunctioned and potentially killed people.
This may seem like a pretty normal thing to the average person, but the ability of cyber operations to kill people (and whether or not they do/have done so) is actually a big point of discussion in the industry. For more on this, check out Thomas Rid’s “Cyber War Will Not Take Place” article/book.
As per additional reporting, Sichuan Silence targeted Sophos firewalls, which I bring up because of Sophos’ recently published, 5 year long counter-intelligence operation against Chinese vuln devs, which apparently led to or at least played a role in this indictment. Definitely give their report a read.
For more on Sichuan Silence, I’d also highly recommend looking at Natto Thoughts’ article on it below:
But wait, there’s more!
Recorded Future published a report on Chinese “ICCs”, short for International Communication Centers. In short, these are nerve/fusion centers for coordinating propaganda and influence operations on topics and/or regions.
The report is a great example of fusing strategic-level, language and document-heavy research with operational implications. Let’s look at the executive summary below:
So we see that we’ll be discussing ICCs, of which there are more than 100 globally, which coordinate influence and propaganda activity.
These ICCs can act reasonably independently, and push out an impressive amount of content via multiple mediums and channels. Most interestingly, they serve as a sort of bridge between media outlets and online activity.
The key findings make this a bit clearer:
Chinese-language articles and surveys list the four main fields of activity:
Promoting “national development” concepts
Promoting international StratComs for China, including by “recruiting foreigner” to make soft propaganda
Promoting China’s image regionally, i.e. via the BRI
Promoting Chinese economic activity, including brands
These ICCs can be fairly large and well-funded, with multiple units, teams and more - see below how they act crossfunctionally to promote shareholder value by providing data-driven analytics to executives via AI-powered dashboards to move the needle and hit KPIs!
Jokes aside, what impresses me here is the organization as well as the areas of activity. An ICC can work on anything from domains to mobile applications to broadcast channels and more.
The report also elucidates why most Chinese spam content is so upbeat and positive:
These ICCs are located globally. Note a focus on Europe and comparatively few in Africa, interestingly.
We’ll conclude with how the ICCs cooperate with traditional media outlets for maximal effect:
There’s a lot more here, but I don’t want to go to deep into the weeds - read it if you have the time.
The last thing that I’ll shout out is FakeReporter’s look at Iranian Twitter activity targeting Israel, check it out here if you’re interested in that kind of thing.
That’s it for this week. Next week we’ll take a look at the Romanian elections and some other hijinks.