Google nukes 50,000 accounts pushing Chinese disinformation


Google’s Threat Analysis Group terminated tens of thousands of accounts linked to a group known as “Dragonbridge” or “Spamouflage Dragon” that is disseminating pro-Chinese disinformation across multiple online platforms.

According to Google, Dragonbridge gets new Google Accounts from bulk account sellers, and, in some instances, they’ve even switched to accounts previously used by financially motivated actors repurposed for posting disinformation videos and blogs.

Last year, the company took down more than 50,000 accounts used by Dragonbridge across its platforms, including YouTube, Blogger, and AdSense. In total, 100,960 accounts have been shut down since the influence network was first spotted.

This reflects Google’s focus on this coordinated information operation linked to China, described as “the most prolific IO actor TAG tracks.”

Almost no engagement from real viewers

However, despite the Chinese influence operation’s large size and high volume of content production, it has minimal to no engagement from real viewers.

For instance, the vast majority of its YouTube channels had no subscribers when they were taken down last year, and more than 80% of videos had fewer than 100 views.

Dragonbridge blogs on Blogger also had a very low engagement, with less than 10 views per post for almost 95% of posts when they were terminated in December.

“Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs. However, a small fraction of DRAGONBRIDGE accounts also post about current events with messaging that pushes pro-China views,” Google TAG’s Zak Butler and Jonas Taege said.

“In 2022, the overwhelming majority of DRAGONBRIDGE content Google disrupted never reached a real audience. Among the 53,177 channels we disabled in 2022, 58% had zero subscribers and 42% of their videos had zero views. 83% of those videos had fewer than 100 views.”

Dragonbridge YouTube channel viewsDragonbridge YouTube channel views (Google TAG)

Signs of evolving tactics

Despite its lack of engagement from authentic viewers, the pro-Chinese disinformation operation is exhibiting persistence and adaptability.

The group, which has been monitored by Google TAG analysts since 2019, has consistently switched tactics and experimented with new formats and higher-quality content.

This shows that there is still a risk that the group’s activity will eventually land on the radars of real users, which would likely boost the overall impact of its content criticizing the U.S. and pushing pro-China messages.

“Despite their failure to gain traction with an authentic audience, DRAGONBRIDGE generates high volumes of content across multiple platforms, is persistent and continues to experiment in their tactics and techniques,” Google added.

“That is why we have scaled our efforts to disrupt DRAGONBRIDGE coordinated inauthentic activity on our platforms.”


  • Mahhn Photo Mahhn – 4 days ago

    while goog takes down videos nobody sees, they continue to host and serve more malware than anyone else in the world, on their playstore. Goog’s press release is more of a ‘look, we stopped bad stuff’, so they can fool people into trusting them enough to get real malware installed form the playstore. I’d like to think goog has positive intent, but I have seen the Project Vetris interviews with googs evil managers.

  • SoftwareEngineer248 Photo SoftwareEngineer248 – 3 days ago

    First, I have never seen any evidence that Google or its employees want Android users to install malware. That is a very very very serious charge and I do not think it should be made without providing a lot of very good evidence to back it up.

    Second, there probably is malware on the Google Play Store. The main reason is it’s hard to police millions of applications. What I mean is no matter how hard Google tries, it will not be able to find every malicious program because malicious programs hide their functionality.

    Third, you are right about Google’s PR tactics. Google uses PR to deflect attention from its mistakes and shortcomings. It also uses PR to create an image.

  • Mahhn Photo Mahhn – 3 days ago

    The only proof I have is the reports on this and other sites showing over the last several years around 170k apps removed from the play store after they were found infected, yearly. BUT the worst part is, you have to use a valid Email address to download anything from it – they NEVER send a notice to people that they may have been compromised, they just quietly delete it from the store and disable if possible on end users. The lack of respect and years of documentation of apps removed tells me it is active Neglect on their end. Side note, if they removed their back door hooks out of the linux variant, it would remove most of the vulnerability they build in – to monitor users for “marketing purposes”.

  • Mahhn Photo Mahhn – 3 days ago

    I don’t mean to say they “want to install malware” more they are negligent in their customers security by not doing a good job preventing, and most certainly not reporting issues to users at risk.

  • AdwCleaner Logo


    Version: 56M+ Downloads

  • Malwarebytes Anti-Malware Logo

    Malwarebytes Anti-Malware

    Version: 4.5.20 4M+ Downloads

  • Windows Repair (All In One) Logo

    Windows Repair (All In One)

    Version: 4.13.1 2M+ Downloads

  • Everything Desktop Search Logo

    Everything Desktop Search

    Version: 22,094 Downloads

  • Zemana AntiLogger Free Logo

    Zemana AntiLogger Free

    Version: 52,653 Downloads


Related posts

New Royal Ransomware emerges in multi-million dollar attacks

Sarah Henriquez

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

Sarah Henriquez

Hackers modify popular OpenVPN Android app to include spyware

Sarah Henriquez

Leave a Comment