top of page


May 30 - June 5, 2024 | Issue 22 - CICYBER and PACOM

Janthe Van Schaik, Mihai Marian Calinoiu, Prim Thanchanok Kanlayanarak, Samuel Pearson, Mrinmoy Routh, Siddhesh Shimpukade  

Alya Fathia Fitri, Editor; Evan Beachler, Senior Editor

U.S. Secretary of Defense Chuck Hagel meets with Chinese President Xi Jinping[1]

Date: May 30, 2024

Location: China

Parties involvedAmerican artificial intelligence research organization OpenAI; Chinese disinformation operation Spamouflage; Chinese Communist Party (CCP); Chinese dissident Cai Xia; Pro-Tibet activist Richard Gere; USA; Japan; South Korea; Taiwan

The event: OpenAI released a report on how a Chinese operation known as Spamouflage, among other similar groups, used its Artificial Intelligence (AI) tools to carry out covert influence operations (IO) to spread disinformation online. These IOs targeted Japan, South Korea, and Taiwan and spread disinformation about Xia and  Gere. The operations sought to damage the credibility of CCP critics and highlight divisive topics in the societies of their adversaries. The campaigns include web defacement, fake engagement by bot accounts, and the generation of disinformation content in Mandarin.[2]

Analysis & Implications:  

  • Spamouflage will likely continue its worldwide IOs to shape public opinion in China’s favor, especially in the Asia-Pacific region. The Chinese threat actor will very likely switch from using web-based Large Language Models (LLM) such as ChatGPT to locally-run LLMs such as LM Studio, which would likely allow them to utilize AI without restrictions and privacy concerns. Using locally-run LLMs will almost certainly increase the IO complexity due to their personalization capabilities and privacy measures, making it more difficult for AI companies and authorities to disrupt threats.

  • These IOs will likely aim to induce citizens of diplomatically important countries such as Japan or South Korea to vote for China-aligned politicians, raising Beijing’s control over the region. Chinese threat actors will very likely continue targeting Beijing’s critics amongst the Chinese diaspora, likely intending to deter them from attacking the government’s policies or leadership. The CCP will very likely use IO as punishment against the Chinese diaspora to control the discourse about the CCP’s leadership and policies outside of China. 

  • Threat actors like Spamouflage will likely integrate AI-generated audio or videos of politicians to disinform US voters and interfere with the US elections in November 2024. Chinese-linked threat actors will publish disinformation posts targeting several echo chambers, very likely aiming to reach a bigger audience between now and the US elections. These disinformation subjects will likely include foreign policy matters such as the country’s stance regarding the wars in Ukraine and Gaza, fake policies regarding economic problems like inflation and the cost of living, and healthcare topics like abortion rights.

Date: June 2, 2024

LocationTaiwan and Palau

Parties involved: Taiwanese government; Taiwan’s allies; Palau government; ransomware group DragonForce; US government; Japan Maritime Self-Defense Force (MSDF); Philippines

The event: The Taiwanese government has condemned a hack targeting Palau’s government.[3] Malicious actors breached Palau’s government networks in mid-March, acquiring and leaking the data online. The data included 20,000 documents detailing the US military presence in Palau, crews of Japanese MSDF ships visiting Palau, and information on Taiwan-Palau relations. At the time of the attack, Dragonforce claimed to be behind the data breach, while Palau’s government denied any cyber incident.[4] However, Palau now accuses the Chinese government of sponsoring the attack.

Analysis & Implications:

  • The cyberattack will likely lead to greater efforts to improve Palau’s cyber defense capabilities, especially with international cooperation. Palau's inability to detect or prevent this data breach will very likely motivate it to seek international assistance to build its cyber capacity. Taiwan and the US will likely increase and re-emphasize their support, including cybersecurity experts to collaborate with Palau’s local teams and will likely fund training programs for Palauan cybersecurity personnel, focusing on threat detection, incident response, and advanced defensive techniques, given its strategic interest in preserving their partnerships with Palau and will likely provide remote assistance for forensic investigations to help Palau understand the breach's scope and prevent future incidents.

  • Ransomware attacks will likely increase in private-sector industries in Palau. The increasing US presence in the South China Sea likely makes China attempt to gain more control of regional trade by conducting cyber operations to gather confidential information and disrupt business activities. State-sponsored threat actors will likely aim to gain access to company databases by exploiting supply chain vulnerabilities in industries with connections in Taiwan and Palau’s main trade partners, such as the Philippines, which will very likely impact trade by US-allied countries in the region. The public institutions in Palau will likely become more cyber resilient, likely shifting threat actors’ malicious operations to the private sector, which is unlikely to receive as much cyber support.

  • Taiwan’s allies, including Palau, will likely face overt and covert diplomatic pressure to withdraw their recognition of Taipei’s government. China will likely seek to dominate narratives of China-Taiwan relations and use that dominance to delegitimize Taipei’s position by spreading fake news, creating misleading advertisements that portray Taiwan negatively or promoting illegal activities like gambling to undermine public trust in Taiwan’s government, and using platforms like TikTok (Douyin) for information operations. Covert pressure will likely include political influence operations, intensified lobbying efforts, and cyber tactics. Chinese agents will likely attempt to sway key political figures in Taiwan’s allied countries through persuasion or bribery. Cyber espionage will likely target government institutions, political organizations, and media outlets to gather intelligence, spread disinformation, and create instability.

Are you a threat, security, investigative, intelligence, or operational professional? Do you need to stay ahead of the latest threats to your agency, organization, company, or individuals? Then try the Counter Threat Center for free today!

The CTC provides critical intelligence and knowledge of the wide range of global threats. With our help, you can detect, deter, and defeat any threat before it can harm those you have been charged to protect.

Sign up for a free trial today and see how the CTC can help you keep your people and assets safe.  

  • The CTC provides access to a wide range of global threats, including terrorism, cybercrime, and political instability.

  • The CTC's intelligence is gathered from a variety of sources, including open-source intelligence, human intelligence, and technical intelligence.

  • The CTC's analysts are experts in their field and have a deep understanding of the threats facing businesses and organizations today.

  • The CTC's products are tailored to the specific needs of each customer.

  • The CTC offers a variety of subscription options to fit any budget.


[1] US Secretary of Defense licensed under Public Domain (The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.)

[3] Taiwan condemns hack attacks on Palau; offers cybersecurity help, Taipei Times, June 2024, 

[4] A Pacific Island With Ties to Taiwan Was Hacked. Was It Political?, The New York Times, June 2024, 



Commenting has been turned off.
bottom of page