Threat Intelligence Bullish 6

Fabricated Uniforms and Smear Campaigns: How Cyber Tactics Fueled an Attack on Alibaba and JD.com

· 4 min read ·
Share

Key Takeaways

  • A police-investigated smear campaign against Alibaba and JD.com used manipulated images of delivery uniforms and hired a media agency to spread false narratives online, highlighting the cyber threat of reputation-based disinformation attacks on major platforms.

Mentioned

Alibaba Group Holding company BABA JD.com company JD Richard Liu Qiangdong person Taobao Shangou product Chengdu Xiaoben Culture Media company Meituan company MTURY State Administration for Market Regulation government Sichuan Public Security Authority government

Key Intelligence

Key Facts

  1. 1Sichuan police dismantled a months-long smear campaign targeting Alibaba’s Taobao Shangou and JD.com, including its finance unit and founder Richard Liu.
  2. 2Campaign used fabricated images of delivery uniforms with altered text to imply illegal services; five individuals from Chengdu Xiaoben Culture Media received administrative penalties.
  3. 3The scheme began in summer 2025 during a food delivery price war among Alibaba, JD.com, and Meituan, which had prompted a regulatory warning for 'rational' competition.
  4. 4JD.com and Alibaba publicly thanked police for combating online rumors and maintaining a clean online environment just ahead of the June 18 '618' shopping festival.
  5. 5Market regulation authorities are now investigating, with potential further penalties under anti-unfair competition laws.

combating online rumours and maintaining a clean and healthy online environment

JD.com Corporate Official Statement

Social media post after police dismantlement

Analysis

For cybersecurity professionals, the incident demonstrates the weaponization of simple digital manipulation—fabricated images and altered text—to conduct a months-long smear campaign. The engagement of a media agency to amplify the false content points to the emerging threat of disinformation-as-a-service, where cyber tactics are deployed to undermine corporate reputation. This case provides real-world data on how such attacks unfold and the defensive role of monitoring and law enforcement collaboration.

Chinese police in Chengdu have dismantled a coordinated, months-long smear campaign targeting e-commerce and food delivery giants Alibaba Group Holding and JD.com, the companies confirmed via social media posts last week. The campaign involved a media agency, Chengdu Xiaoben Culture Media, hired by an unnamed company to spread false information, including fabricated images of delivery uniforms with altered text suggesting illegal services. JD.com said the attacks also targeted its finance unit and founder Richard Liu Qiangdong. The Sichuan public security authority earlier this month announced administrative penalties against five individuals from the agency and referred evidence to market regulation authorities for further investigation, exposing a rare instance of enforced accountability for corporate disinformation in China’s hyper-competitive internet sector.

Chinese police in Chengdu have dismantled a coordinated, months-long smear campaign targeting e-commerce and food delivery giants Alibaba Group Holding and JD.com, the companies confirmed via social media posts last week.

The campaign began last summer, when Alibaba, JD.com, and Meituan were locked in an intense food delivery price war, with platforms giving away products like milk tea to attract consumers. The fierce competition drew a formal warning from the State Administration for Market Regulation to engage in “rational” competition, underscoring the regulatory sensitivity around market disorder. The timing of the police announcement—just days before the June 18 “618” shopping festival finale, one of China’s largest online retail events—raises the stakes, as reputational attacks during peak sales periods can materially affect consumer trust and revenue. Both Alibaba (through its Taobao Shangou instant commerce unit) and JD.com publicly thanked the police for “combating online rumours” and maintaining a “clean and healthy online environment.”

From a regulatory perspective, the case signals Beijing’s continued push to protect the private sector and ensure fair competition, a theme elevated after years of antitrust crackdowns. The use of administrative penalties rather than criminal charges suggests authorities are signaling deterrence without escalating to corporate criminal liability, at least for the agency individuals. The hand-off to market regulators could lead to fines or business license revocations under anti-unfair competition laws, setting a precedent for how China handles proxy smear campaigns where the ultimate beneficiary remains anonymous. The lack of identification of the unnamed company behind the campaign leaves open the possibility of further enforcement and civil litigation by the targets.

What to Watch

For Alibaba and JD.com, the public vindication reinforces investor confidence ahead of the 618 festival, a critical revenue driver. Alibaba’s Taobao Shangou, which competes directly with Meituan in instant delivery, was specifically targeted with images designed to damage its legitimacy. JD.com’s broader exposure—encompassing finance and its founder—indicates a multi-pronged attack possibly aimed at destabilizing the conglomerate’s reputation. Both companies’ stock prices may see short-term positivity from the police action, though no direct financial impact is yet quantifiable.

The incident also offers a case study in cyber-enabled disinformation: the use of manipulated visual media and a hired agency to amplify false narratives. This tactic mirrors global trends in corporate smear campaigns but is notable in China for the swift police intervention. The case underscores the growing importance of threat intelligence and online reputation monitoring for large platforms. Moving forward, the full unmasking of the principal behind Chengdu Xiaoben will be closely watched, as it could implicate a major competitor or reveal a pattern of industrial sabotage. With 618 now under way, the episode serves as a reminder that in China’s digital economy, competitive warfare increasingly blends legal, regulatory, and reputational weapons.

Timeline

Timeline

  1. Smear campaign begins

  2. Police announce penalties

  3. Companies thank police

  4. 618 Shopping Festival finale

Cite This Page

"Fabricated Uniforms and Smear Campaigns: How Cyber Tactics Fueled an Attack on Alibaba and JD.com." Cyber Intelligence Brief, June 21, 2026. https://getcyberbrief.com/story/cyber-smear-campaign-fabricated-images-alibaba-jd

From the Network

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.