admin 2023年12月6日14:37:27评论13 views字数 4284阅读14分16秒阅读模式


The Russia-linked influence operation called Doppelganger has targeted Ukrainian, U.S., and German audiences through a combination of inauthentic news sites and social media accounts.


These campaigns are designed to amplify content designed to undermine Ukraine as well as propagate anti-LGBTQ+ sentiment, U.S. military competence, and Germany's economic and social issues, according to a new report shared with The Hacker News.

这些活动旨在放大旨在破坏乌克兰以及传播反LGBTQ+情绪、美国军事能力和德国经济社会问题的内容,据The Hacker News分享的一份新报告称。

Doppelganger, described by Meta as the "largest and the most aggressively-persistent Russian-origin operation," is a pro-Russian network known for spreading anti-Ukrainian propaganda. Active since at least February 2022, it has been linked to two companies named Structura National Technologies and Social Design Agency.

Doppelganger,由Meta描述为“最大、最具侵略性且持续性最强烈的俄罗斯起源行动”,是一个以传播反乌克兰宣传而闻名的亲俄罗斯网络,至少自2022年2月以来一直活跃,与Structura National Technologies和Social Design Agency两家公司有关。

Activities associated with the influence operation are known to leverage manufactured websites as well as those impersonating authentic media – a technique called brandjacking – to disseminate adversarial narratives.


The latest campaigns are also characterized by the use of advanced obfuscation techniques, including "manipulating social media thumbnails and strategic first and second-stage website redirects to evade detection, and the likely use of generative artificial intelligence (AI) to create inauthentic news articles," the cybersecurity firm said.


The findings demonstrate Doppelgänger's evolving tactics and throw light on the use of AI for information warfare and to produce scalable influence content.


The campaign targeting Ukraine is said to consist of more than 800 social media accounts, in addition to banking on first and second-stage domains to conceal the true destination. Some of these links also use the Keitaro Traffic Distribution System (TDS) to assess the overall success and effectiveness of the campaign.

据悉,针对乌克兰的活动涉及800多个社交媒体账户,此外还利用第一和第二阶段域来隐藏真正的目的地。其中一些链接还使用Keitaro Traffic Distribution System (TDS)来评估活动的总体成功和效果。


One of the notable aspects of the U.S. and German campaigns is the use of inauthentic media outlets such as Election Watch, MyPride, Warfare Insider, Besuchszweck, Grenzezank, and Haüyne Scherben that publish malign content as original news and opinion outlets.

美国和德国活动的一个显着特点是使用伪造的媒体机构,如选举观察、MyPride、Warfare Insider、Besuchszweck、Grenzezank和Haüyne Scherben等,将恶意内容发布为原创新闻和观点。

"Doppelgänger exemplifies the enduring, scalable, and adaptable nature of Russian information warfare, demonstrating strategic patience aimed at gradually shifting public opinion and behavior," Recorded Future said.

"Doppelgänger展示了俄罗斯信息战的持久性、可扩展性和适应性,展示了渐进转变公共舆论和行为的战略耐心," Recorded Future表示。

It's worth pointing out that Meta, in its quarterly Adversarial Threat Report published last week, said it also found a new cluster of websites linked to Doppelganger that are geared towards U.S. and European political affairs, such as migration and border security.


"Their latest web content appears to have been copy-pasted from mainstream U.S. news outlets and altered to question U.S. democracy and promote conspiratorial themes," Meta said, highlighting Election Watch as one of the U.S.-focused sites.

"他们最新的网络内容似乎已经从主流美国新闻网站复制并修改,以质疑美国民主并推动阴谋论主题," Meta说,强调选举观察是美国重点关注的网站之一。

"Soon after the Hamas terrorist attack in Israel [in October 2023], we saw these websites begin posting about the crisis in the Middle East as a proof of American decline; and at least one website claimed Ukraine supplied Hamas with weapons."


Meta also said it took steps to disrupt three separate covert influence operations – two from China and one from Russia – during the third quarter of 2023 that leveraged fictitious personas and media brands to target audiences in India and the U.S., and share content about Russia's invasion of Ukraine.


It, however, noted that proactive threat sharing by the federal government in the U.S. related to foreign election interference has been paused since July 2023, cutting off a key source of information that could be valuable to disrupt malicious foreign campaigns by sophisticated threat actors.



  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
  • 本文由 发表于 2023年12月6日14:37:27
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):


匿名网友 填写信息