Skip to main content
Mallory
Back to threat actors
🇨🇳 CN

912 Special Project Working Group

Also known as912 Special Project Working Group

The 912 Special Project Working Group is described in the provided content as an elite task force of the People’s Republic of China’s Ministry of Public Security (MPS), specifically linked to Beijing’s MPS bureau. Its stated purpose was to target Chinese dissidents located throughout the world, including in the United States, as part of broader PRC transnational repression operations. In 2023, U.S. authorities charged multiple alleged MPS officers said to be assigned to this group in connection with operations targeting dissidents and diaspora communities living in the United States. According to the content, the group’s activities included creating thousands of fake online personas on social media platforms, including Twitter, to harass and threaten Chinese dissidents abroad, disseminate official PRC propaganda and narratives, and counter pro-democracy speech. Members allegedly used temporary email addresses, posted official PRC government content, and interacted with other users to avoid detection and to conceal coordinated activity. The group reportedly tracked members’ performance in operating online personas and rewarded those who ran multiple personas without detection. The content further states that the group was tasked to compose articles and videos targeting the activities of Chinese dissidents abroad and U.S. government policies, attempted to recruit U.S. persons as unwitting agents to spread PRC narratives, and took repeated actions to have dissidents and their meetings removed from a U.S. telecommunications company’s platform. Alleged disruptions included posting threats in a videoconference commemorating the Tiananmen Square Massacre and flooding another videoconference about countering communism with loud music, vulgar screams, and threats directed at pro-democracy participants. The broader context in the content places the group within PRC transnational repression targeting dissidents and diaspora communities, including Uyghurs, Tibetans, Falun Gong practitioners, Hong Kong pro-democracy activists, survivors of the 1989 Tiananmen Square protests and massacre, and others viewed as threatening the Chinese Communist Party’s narrative control or domestic security. No additional aliases or sub-groups are directly provided in the content beyond the name 912 Special Project Working Group.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Non-Governmental Organizations

Where they target

Geographies tied to known operations.

  • 🇺🇸 United States

Where they're from

Attributed origin per open-source reporting.

  • CN
MITRE ATT&CK

Tradecraft

3 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

3 of 15 tactics4 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0043
Reconnaissance
1 technique
T1598
Phishing for Information
TA0042
Resource Development
1 technique
T1585
Establish Accounts
T1585.001
Social Media Accounts
TA0040
Impact
1 technique
T1498
Network Denial of Service
ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app
malware newsNews
Jun 3, 2026
How China's Cyber Operations - and the Contractors Behind Them - Target Critics Abroad - Malware Analysis - Malware Analysis, News and Indicators

An elite Ministry of Public Security task force allegedly involved in operations targeting dissidents and diaspora communities abroad as part of transnational repression.

Read more
us department of justiceNews
Apr 17, 2023
Office of Public Affairs | 40 Officers of China’s National Police Charged in Transnational Repression Schemes Targeting U.S. Residents | United States Department of Justice

A PRC Ministry of Public Security task force allegedly conducting transnational repression against Chinese dissidents abroad, including in the United States, through fake social media personas, online harassment, propaganda dissemination, attempted recruitment of unwitting amplifiers, and disruption of dissident videoconferences.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping3

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.