5,000 Fake Accounts on X Controlled by AI Used in Disinformation Campaign Linked to China

Published on August 16, 2024
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

A network of at least 5,000 fake X accounts (formerly Twitter) that seem to be operated by artificial intelligence (AI) using a Chinese-language Large Language Model (LLM) system is part of a disinformation campaign connected to China, CyberCX security researchers report. Called Green Cicada by the research team, the X disinformation network focuses on “divisive U.S. political issues.”

The network is linked to an AI researcher affiliated with Tsinghua University and the prominent Chinese AI company “Zhipu AI.” The researchers said the system underpinning the network may be operated by high-end consumer-grade hardware and developed by a single individual.

The report added that the activity of these accounts is increasing as the U.S. election approaches, which may suggest that their purpose is to interfere in the upcoming presidential election. The activity of these accounts increased sharply in July, and most are now dormant. 

However, the fake AI accounts also tried to sow political discord in other democratic countries, including Australia, western Europe, India, and Japan, “consistent with China’s information operation playbook.

Chinese X AI Accounts
Image Source: CyberCX

The security experts believe one of the system’s functions is to rephrase organic content and publish it as new posts and replies, aiming to amplify organic divisive political content on the social media platform via engagement. The network has been rectifying operational errors over time, including reducing malformed outputs.

Chinese X AI Influence
Image Source: CyberCX

The report said Elon Musk’s X took sporadic action against Green Cicada Network accounts but failed to take systemic action against overtly linked accounts. The security researchers added that they observed X has reversed Twitter’s initiatives to combat inauthentic activity, including “efforts to detect, label and/or ban inauthentic accounts.”

Just this month, the FBI and CISA warned about potential DDoS attacks, while Iranian state-backed threat actor APT42 targeted high-profile accounts of both sides of the political spectrum connected to the upcoming U.S. presidential election.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: