Published by Cyber Intelligence on 13 August 2024
Green Cicada Network: Emerging X (Twitter) inauthentic account network powered by generative AI
CyberCX Intelligence has identified a network of at least 5,000 inauthentic X accounts almost certainly controlled in concert by an AI large language model system. This network, which we have dubbed the Green Cicada Network, is likely an information operation capability in a developmental state, but we have observed it improving operational execution over time and sharply increase activity since July 2024. The Green Cicada Network primarily engages with divisive US political issues and may plausibly be staged to interfere in the upcoming presidential election. It has also amplified hot-button political issues in other democracies, including Australia. Our primary purpose in publishing this Intelligence Update is to expose this network before it causes harm, and to facilitate further research. The Green Cicada Network also offers important insights about emerging malicious uses of generative AI.
Key points
- CyberCX Intelligence has identified a network of at least 5,000 inauthentic X accounts almost certainly controlled in concert by an artificial intelligence (AI) Large Language Model (LLM) based system. We have called this network the Green Cicada Network.
- We assess that the system controlling the network is likely to be an information operation capability in a development or experimental state, based on inferred system architecture and patterns in malformed outputs. We assess the system is designed, at least in part, to ‘launder’ politically divisive narratives by rewording organic content as new posts and replies and to amplify organic divisive content on X through engagement.
- While the Green Cicada Network is unlikely to be effective for malign political influence in its current state, we assess it could be leveraged to conduct more harmful activities in future. It is plausible that the network operators are preparing to increase activities in the lead up to the US presidential election.
- Most accounts in the network are currently dormant, but activity increased sharply in July. The network has also been rectifying operational errors over time, which may make its activities more effective and harder to detect.
- The Green Cicada Network predominantly engages with US political and cultural issues, but has also amplified hot-button political issues in Australia, the UK, western Europe, India, Japan and other democratic countries.
- The system controlling the network is strongly associated with China, including the likely use of a Chinese-language LLM system and links to an AI researcher affiliated with Tsinghua University and Zhipu AI, a prominent Chinese AI company. Amplification of divisive content in democracies is also consistent with China’s information operation playbook.
- The Green Cicada Network is one of the largest networks of inauthentic activity publicly exposed to date (measured by number of accounts) and may be the first significant China-related information operation to use generative AI as a core element of operations.
- CyberCX Intelligence continues to assess that a wide range of threat actors will increasingly experiment with generative AI to improve the scale and effectiveness of malicious activities.
- The Green Cicada Network highlights how generative AI can allow a significant scale of malicious output with limited human oversight, at low cost and with low barriers to entry. It is possible that the system underpinning the network is operated by high-end consumer-grade hardware and is developed by just one individual.
- The system controlling the network has gaps in operational security, but is iterating over time. We assess that a more mature, future version of the system underlying the Green Cicada Network would be extremely difficult for parties other than X to detect.
- CyberCX Intelligence strongly recommends that all organisations update their threat models to reflect developments in generative AI. We urge technology companies to protect their end-users by taking proactive steps to prevent their platforms from being exploited by malicious uses of AI.
You can download the full Intelligence Update below