According to a new report from cybersecurity firm Mandiant and Google experts, a pro-Chinese government online influence operation is targeting Americans in an effort to exploit divisions over the Covid-19 pandemic and “physically mobilize protestors in the US in response.”

The operation, which began in 2019 with an attempt to discredit pro-democracy protests in Hong Kong, has grown into a “global campaign that’s operating in seven languages, on at least 30 social media platforms, and across 40+ website & forums,” according to Mandiant and Google experts, drawing parallels to Russia’s disinformation campaign during the 2016 presidential election.

According to one source familiar with the situation, US officials believe the operation is linked to the Chinese government and have been monitoring its progress. During the 2020 election, US officials were watching to see if the operation would be used to spread disinformation, but concluded that the Chinese government avoided doing so because it did not want to provoke a response, according to the source.

Months later, experts have seen a “explosion of activity” around the world, and the decision to hold physical protests in the United States “demonstrates they are a very serious threat,” Mandiant Threat Intelligence Vice President John Hulquist told reporters.

“This direct call for physical mobilization is a significant development compared to previous activity, potentially indicative of an emerging intent to motivate real-world activity outside of China’s territories,” according to the report. “While this attempt did not appear to be successful, we believe it is critical that observers continue to monitor for such attempts in case the network later realizes greater degrees of organic engagement.”

In April, for example, experts discovered thousands of fake accounts encouraging Asian Americans to protest racial injustice in the United States, as well as “misinformation about the virus’s origins.” While there is no evidence that these posts were successful in mobilizing protesters, the report states that “it does provide an early warning that the actors behind the activity may be beginning to explore, in however limited a fashion, more direct means of influencing the domestic affairs of the United States.”

While there has been little interaction with these pro-Chinese accounts, the operation’s massive scope indicates that the actors responsible have “significantly expanded their online footprint and appear to be attempting to establish a presence on as many platforms as possible in order to reach a variety of global audiences,” according to Mandiant’s experts.

“We’ve seen this threat actor evolve over the last two years, from the types of content they publish to the tactics they employ to amplify it. Despite low engagement levels, the most significant features of this network remain its scale and persistence. That is why we have taken a proactive approach to detecting and removing disinformation from this network “According to Shane Huntley, Director of Google’s Threat Analysis Group.

China’s cyber espionage against the US has increased since the Covid-19 outbreak, and Beijing has consistently sought to shape the global narrative through overt and covert means. Chinese officials have openly spread false and misleading information about the virus and its origins for months.

However, in recent years, the US and several of its European allies have been more cautious in attributing disinformation and other malicious cyber activity to China than to other state actors, namely Russia and Iran.

When pressed on the subject, in May 2020, European Commission President Ursula von der Leyen denied allegations that the EU watered down a report on coronavirus disinformation in response to Chinese pressure.

While experts at Mandiant and Google say they have not seen these specific pro-Chinese accounts wade into election-specific content to date, they do warn that the actors responsible could be gearing up for a more expansive disinformation push, which could very well be conducted in a similar manner to Moscow’s campaign to meddle in the 2016 US election.

Beijing isn’t the only US adversary associated with broad online efforts to undermine trust in democratic institutions. German officials blamed Russia’s GRU military intelligence agency on Monday for a hacking campaign targeting politicians ahead of the September general election in Germany. According to researchers, the same hacking group has also targeted US allies such as Poland with false narratives about NATO.