Document Type


Publication Date



This report analyzes the behavior of a single, coordinated inauthentic information operator working within China and in the interests of the Chinese government. This operator has been called by different names by different analysts, including “Spamouflage Dragon“ (by the network analysis firm Graphika) and “Dragonbridge” (by the Google owned cybersecurity firm Mandiant) and has been operating continuously since, at least, April 2017. In this report we will refer to this actor as Dragonbridge. Section II of this report gives an update on several campaign this actor has engaged in recent months. Section III presents a synthetic overview of some of Dragonbridge’s past and ongoing tactics and targets. Section IV draws some more general lessons about how this actor operates.