A security researcher on Twitter has come across numerous accounts that appear to be blaming the National Security Agency (NSA) for hacks linked to the Chinese government.
Cybersecurity analyst Dominic Alvieri discovered this week that many of the accounts were impersonating Intrusion Truth, a mysterious group that has been exposing the identities of suspected Chinese government-backed hackers since 2017.
The fake accounts have attempted to tie the NSA to APT 41, a hacking group that the FBI and cybersecurity firms say is working on behalf of the Chinese state.
“New Chinese misinformation campaign attempting to attribute Chinese APT 41 to the NSA,” Alvieri tweeted.
The accounts’ attempts to impersonate Intrusion Truth are unsurprising given its success in outing Chinese hackers. In 2017, Intrusion Truth revealed details on the suspected Chinese hacker group APT 10, known for targeting manufacturing, aerospace, and engineering companies in the U.S.
Intrusion Truth received widespread attention the following year after its allegations regarding the group were confirmed by the U.S. Department of Justice, which had brought charges against two Chinese hackers associated with APT 10.
The fabricated accounts, which have copied Intrusion Truth’s profile picture and header, were all created within the last two months.
“#APT41 An elite hacker group affiliated with the US National Security Agency (NSA) has been found to have created an advanced covert backdoor that has been used to monitor 45 countries for more than a decade,” one of the accounts tweeted.
The accounts also shared an article about NSA surveillance capabilities from CNN as well as an article published by a Chinese media outlet. A third article falsely claimed that a prominent American cybersecurity firm had likewise linked APT 10 to the NSA, despite the firm actually linking the hackers to China.
Since Alvieri’s discovery, at least one of the accounts has suddenly changed its name, profile picture, and header image. However, the tweets that the account previously attempted to attribute to Intrusion Truth still remain.
In remarks to the Daily Dot, Alvieri stated that he came across the accounts while conducting research.
Intrusion Truth did not respond to inquiries from the Daily Dot by press time but has become aware of the misinformation campaign.
“Imitation is the sincerest form of flattery,” the group tweeted. “#APT41 can’t seem to stop themselves from emulating our work. We must be doing something right. As the Chinese say – 见贤思齐.”
The Daily Dot was also able to locate numerous other impersonation accounts by simply searching for “Intrusion Truth” on Twitter.
The campaign, which appears to be largely unsuccessful, comes amid a significant uptick in the hacking of U.S. companies and agencies by China.