BIGFISH TECHNOLOGY LIMITED
04 September 2024

Spamouflage's advanced misleading behavior highlights the need for greater email security.

Ahead of the US elections, adversaries are using social media to gain political influence. Russian and Iranian operations have grown more forceful and public. However, China appears to have chosen a more deliberate and sophisticated approach.

China's apparent disinformation attempts have little to do with portraying one political candidate as superior to another. Rather, the country's actions may be intended to weaken trust in voting systems, elections, and America in general, by amplifying criticism and inciting strife.

 

Spamouflage
In recent months, the Chinese disinformation network known as Spamouflage has engaged in "advanced deceptive behavior." It has secretly created thousands of accounts across more than 50 domains and used them to target people in the United States.

The group has been active since 2017, but has recently stepped up its efforts.

 

Fake profiles
The Spamouflage network's fake online accounts present false identities that can change on a whim. The accounts and profiles have been detected on X, TikTok, and other platforms.
According to researchers, the bogus accounts and photographs may have been created using artificial intelligence algorithms.

Accounts have followed specific patterns, utilizing hashtags such as #American while presenting themselves as voters or groups who "love America" but are disillusioned by political issues ranging from women's healthcare to Ukraine.

In June, one X post stated, "Although I am an American, I am strongly opposed to NATO and the behavior of the US government in war. I believe soldiers should protect their own country's people and territory, not start wars on their own..." The post was accompanied by an illustration depicting NATO's growth throughout Europe.

 

Email Security Implications
Disinformation operations that construct (and weaponize) bogus profiles, as explained above, will be highly successful when crafting and distributing phishing emails, because the emails will appear to come from legitimate sources.

Advanced Email Security Protocols
This requires businesses and their personnel to implement, and adhere to, improved verification mechanisms that confirm the authenticity of communications.

If you have not already done so within your organization, consider implementing the following:

  • Multi-factor authentication. Even if credentials are obtained through phishing, multi-factor authentication can help prevent unauthorized account access.
  • Email authentication protocols. SPF, DKIM, and DMARC technologies can help validate the legitimacy of email senders and prevent spoofing attempts.
  • Advanced threat detection. Advanced threat detection systems based on AI and machine learning can improve email traffic security.
  • Employee awareness. Remind employees to think not only before clicking, but also before linking to information, whether in their professional or personal lives.
  • Incident response plans. Most organizations have incident response strategies. But are they regularly updated? Can they tackle disinformation and deepfake threats?

 

To counter these challenges effectively, companies must adopt a dynamic, multidimensional strategy. But it's challenging.

 

Source: Cybertalk.Org