Influence operations driven by national strategic needs.

Mandiant has released the second issue of its Cyber Snapshot report, looking at the proliferation of information operations (IOs), threats to NFTs and cryptocurrency, and enterprise security best practices. 

Russian influence ops play defense; China’s plays offense.

The researchers note that Russian state-sponsored threat actors are currently “conducting widespread IO campaigns to bolster the positive perception of the Russian invasion of Ukraine to the Russian people.” Meanwhile, China-aligned actors are carrying out information operations to “sway public opinion against the expansion of rare-earth minerals mining and refining operations in the U.S. and Canada, likely as an attempt to protect China’s heavy investments in rare-earth production.”

The researchers add, “Mandiant finds that these kinds of campaigns are happening constantly. We regularly see new actors who operate on behalf of nation-states that have never before demonstrated a significant cyber capability.”

Lies require a bodyguard of truth.

Mandiant says the most effective information operations involve combining truth and lies, particularly through leaking stolen information:

“The most concerning trends seen in the IO space concern hack-and-leak campaigns. Hack-and-leak IO campaigns are cyber operations in which an attacker breaks into a victim’s network, steals sensitive, damaging data and leaks it publicly to influence a given audience. In many cases, hack-and-leak operators will alter the material they steal to make it seem even more damaging.

“These IO campaigns have had significant impacts in the past, including during the 2016 presidential election in the U.S. As an increasing number of actors adopt IO as a viable means to achieve their goals every year, campaigns will continue to evolve as their capabilities improve.”