The Russia-linked influence operation called Doppelganger targets Ukrainian, US, and German audiences through a combination of fake news sites and social media accounts.
These campaigns are designed to promote content designed to discredit Ukraine as well as spread anti-LGBTQ+ sentiment, US military capability, and economic and social issues in Germany, according to a new report. which was shared by The Hacker News.
Doppelganger, described by Meta as “the largest and most aggressively-persistent operation of Russian origin,” is a pro-Russian network known for spreading anti-Ukrainian propaganda. Active since at least February 2022, it is linked to two companies named Structura National Technologies and Social Design Agency.
Activities related to influence operations are known to use manufactured websites as well as those pretending to be authentic media – a technique known as brandjacking – to spread adversarial narratives.
Learn Insider Threat Detection using Application Response Strategies
Learn how application detection, response, and automated behavior modeling can transform your defense against content threats.
The latest campaigns are also described as using advanced obfuscation techniques, including “manipulation of social media thumbnails and strategic first- and second-stage website redirection to evade detection, and the likely use of generative artificial intelligence (AI) to create fake news articles,” the cybersecurity firm SAYS.
The findings show Doppelgänger’s evolving tactics and shed light on the use of AI for information warfare and to create scalable influence content.
The campaign aimed at Ukraine is said to consist of more than 800 social media accounts, in addition to banking first and second stage domains to hide the true destination. Some of these links also use the Keitaro Traffic Distribution System (TDS) to EVALUATE the overall success and effectiveness of the campaign.
One of the notable aspects of the US and German campaign is the use of fake media outlets such as Election Watch, MyPride, Warfare Insider, Besuchszweck, Grenzezank, and Haüyne Scherben that publish harmful content as original news and opinion.
“Doppelgänger demonstrates the sustainable, scalable, and adaptive nature of Russian information warfare, demonstrating strategic patience aimed at gradually shifting public opinion and behavior,” Recorded Future said.
It is worth pointing out that Meta, in its quarterly Enemy Threat Report published last week, it also said found a new group of websites linked to Doppelganger aimed at US and European political affairs, such as migration and border security.
“Their latest web content appears to be copy-pasted from mainstream US news outlets and modified to question US democracy and promote conspiracy themes,” said Meta, who promoted Election Watch as one of the sites focused on the US.
“Soon after the terrorist attack by Hamas in Israel (in October 2023), we saw that these websites began to post about the crisis in the Middle East as a proof of the decline of Americans ; and at least one website claiming that Ukraine supplies weapons to Hamas.”
Meta also said it took steps to disrupt three separate influence operations — two from China and one from Russia — in the third quarter of 2023 that used fictitious personas and media brands. to target audiences in India and the US, and share content about the Russian invasion. in Ukraine.
It is, however, noted that proactive threat sharing by the US federal government related to foreign election interference has been halted since July 2023, cutting off a key source of information that could be critical to disrupting the malicious foreign campaigns by sophisticated threat actors.