You are using an outdated browser. Please upgrade your browser to improve your experience.
Skip to content
FREE eBook: Explore the role of AI in OSINT Read Now

In this blog, our Fivecast Tradecraft Advisor explores how adversarial nations have leveraged online information and domains to execute offensive campaigns, seeking to undermine public faith in institutions and support their strategic objectives.  

The availability and unprecedented access to information in the 21st Century have undoubtedly made positive contributions to the well-being of communities across the globe. However, this information is also used for nefarious purposes by emerging powers and rogue state actors, who have recently doubled down to shape and manipulate the global narrative and capitalize on shortcomings in our operational security. These efforts manifest in a variety of forms, such as disinformation campaigns meant to influence the outcome of elections or weaponized software used in large-scale cyber-espionage operations.

Chinese LinkedIn Efforts

One of the prominent social engineering methods used in recent years has centered around Chinese operatives creating fake accounts and posing as headhunters to recruit assets for espionage. These accounts tend to have a western connection in the form of a school or business and attempt to elicit information from unsuspecting individuals who hold a position that enables access to valuable information. After an exchange of messages, the targeted individuals are often offered an opportunity to take an all-expenses-paid trip to China and speak at some kind of conference. These operatives may also offer to pay individuals to write reports on topics of interest. Alexander Csergo is an Australian businessman who was paid by the Chinese to write reports using publicly available information on Quad alliances, lithium mines, and German defense firms. Csergo has recently been charged with reckless foreign interference for the release of information specific to Australian defence, economic and national security arrangements.


Of concern is that many professionals in the intelligence community continue to list a security clearance on their LinkedIn or resume, making the targeting of these accounts even easier for foreign adversaries. Recently, China has expanded these efforts to include private sector employees, including academics in fields of interest such as artificial intelligence or robotics.

Russian Disinformation Operations

Recent Russian disinformation operations have mirrored some of the tactics long used by the Chinese Communist Party, most notably the use of bot farms and other automated fake accounts to spread anti-US propaganda. These types of disinformation campaigns increased considerably following Russia’s invasion of Ukraine as Russia seeks to manipulate narratives related to the war. Russia has also used paid internet trolls to spread these messages, posting a minimum of 200-character comments as often as 135 times a day.  Even before the conflict began, in a massive internet campaign, Russia attempted to disguise its positioning of troops along the Russia-Ukraine border as logistical activities in support of a training exercise. While Europe has since been proactive in countering many of the narratives Russia perpetuates online, Russia has applied similar techniques targeting audiences in the Middle East, where pro-Kremlin messaging can go broadly undetected.

Iranian Influence Abroad

Russia isn’t the only world power employing other countries’ tactics. Iran has a history of distributing misinformation online through the backing and manipulation of various online news sources. Sources such as Sabreen News regularly promote content aligning with Iranian foreign policy initiatives and attempt to discredit factual news sources. In a report from 2018, Reuters was able to identify more than 70 websites in 15 different countries pushing pro-Iranian narratives. These sites had monthly traffic of over a half million people and were shared across multiple social media sites by accounts with over a million followers.

Limiting Susceptibility to Adversarial Tactics

Minimizing the amount of information on professional sites such as LinkedIn can reduce the risk of being targeted by a foreign intelligence operative. Influence campaigns like those discussed rely on the ability to spread quickly, exploit confirmation bias among internet users, and remain undetected. Average internet users can limit the spread of these messages by doing a few minutes of research before sharing a link or posting an article. Engaging in conversations about conflicting views with peers and colleagues can also lead to a wider and more well-rounded outlook on emerging narratives. Learning more about how to isolate disinformation and counter it appropriately is crucial to maintaining public safety and preserving trust in reliable information sources.

Open-source intelligence is a key component in rapidly identifying these disinformation campaigns and espionage attempts due to the real-time battle taking place both on the internet and in the media. OSINT as a discipline will continue to adapt and advance just as the tactics for spreading and generating disinformation change. With this change and the sheer amount of open-source information ever-growing, it is crucial to have a wide array of tools such as Fivecast ONYX available to facilitate the analysis of this information. These tools can not only help identify disinformation narratives and espionage attempts but also aid in uncovering the networks behind adversarial efforts.