A Moscow-headquartered company that was recently subject to economic sanctions imposed by the United States government. In the past year, there has been a notable link between an additional disinformation campaign and a series of operations aimed at shaping public opinion towards Ukraine, with the ultimate goal of undermining Western support, dating back to at least December 2023.
A sophisticated influencer marketing strategy was implemented by Social Design Agency, utilising AI-powered film content and fake websites masquerading as credible news outlets to target demographics across Ukraine, Europe, and the United States. According to an assessment from Recorded Future’s Insikt Group, the term has been dubbed.
The Russian-backed operation, synchronised with various disinformation campaigns, aims to undermine Ukraine’s leadership, question the efficacy of Western aid, and fuel socio-political unrest.
The marketing campaign also aims to craft compelling stories throughout the 2024 United States. Elections and geopolitical conflicts, including the protracted Israel-Gaza scenario, exacerbate deepening divisions.
A social design company, previously linked to Doppelganger, leverages social media platforms and inauthentic online portals to manipulate public perception and shape opinions through insidious means. The corporation and its founders were scrutinized by the U.S. Earlier in March, alongside another prominent Russian company, Structura, a notable collaboration took place.
Operation Undercut, a clandestine initiative, is known to share infrastructure with two other Russia-aligned influence operations: Matryoshka and Storm-1679. These campaigns have been credited with attempting to subvert the 2024 French presidential election, the Paris Olympics, as well as U.S.-based targets. The presidential election was manipulated through a complex web of misinformation, as fake news websites and unreliable fact-checkers sowed seeds of confusion among the electorate. Additionally, AI-generated audio content further muddied the waters, making it increasingly difficult for voters to discern truth from fiction.
The latest marketing initiative relies heavily on exploiting customers’ faith in established media brands, employing AI-generated content masquerading as authentic news outlets to enhance its perceived legitimacy. With a sprawling network of at least 500 accounts across multiple social media platforms – akin to those found on 9gag and America’s greatest pictures and movies – the content has been significantly amplified.
Moreover, the operation has leveraged trending hashtags in targeted international regions and languages to expand its reach to a broader audience, concurrently promoting content from (aka Storm-1516), effectively amplifying its global impact.
According to Recorded Future, Operation Undercut forms part of Russia’s strategy to undermine Western unity by portraying Ukraine’s leaders as incompetent and corrupt. The Russian-backed SDA is endeavouring to stoke animosity towards Ukraine among European and American populations, ultimately aiming to curtail the flow of military assistance from the West to Ukraine.
APT28 Conducts Nearest Neighbor Assault
The US government’s disclosure of a Russian-linked threat actor, also known as GruesomeLarch, occurs after it was detected breaching US assets. Firmly established in early February 2022, an unusual method was employed to breach security: the closest neighbour attack. This tactic commenced by initially compromising a specific entity located in an adjacent building within the target’s WiFi range.
The primary objective of the assault targeted an unidentified group, which emerged just prior to Russia’s invasion of Ukraine, was to collect information from individuals with experience in or initiatives actively engaging with the country.
According to Volexity, GruesomeLarch had an opportunity to ultimately compromise the organization’s community by exploiting its enterprise Wi-Fi network. The threat actor successfully orchestrated a series of attacks on multiple organizations in close proximity to their target, leveraging a chain reaction of compromised entities to ultimately achieve their objective.
The breach allegedly occurred through a password-spraying attack targeting a publicly accessible service within the company’s network, exploiting the fact that single-factor authentication was sufficient to connect to the corporate Wi-Fi infrastructure.
Volexity described an exploitation technique involving remote access to a target organization’s Wi-Fi network by breaching secondary subnets along the path from the gateway and leveraging these compromised areas as relays for lateral movement, ultimately connecting with the desired entity’s wireless infrastructure while remaining thousands of miles away.
The sheer scope of compromised credentials failed to grant access to the client’s system, with all internet-facing resources demanding a multi-factor authentication hurdle, according to Sean Koessel, Steven Adair, and Tom Lancaster. “Consequently, the Wi-Fi community lacked robust security measures, making it vulnerable; all it took was proximity to the target network and valid login credentials for an attacker to gain access.”
