Title: Disinformation Campaigns Targeting Ukraine Emerge Through AI-Enhanced Tactics
In a chilling revelation, a Moscow-based entity known as the Social Design Agency (SDA), recently sanctioned by the U.S. government, is linked to a deceptive influence operation aimed at swaying public sentiment against Ukraine and undermining Western support. Since late 2023, this covert campaign, dubbed Operation Undercut by Recorded Future’s Insikt Group, has utilized artificial intelligence-enhanced videos and fraudulent websites mimicking credible news sources. The operation primarily targets audiences within Ukraine, Europe, and the United States, aiming to discredit Ukraine’s leadership and raise doubts about the efficacy of Western military aid.
Operation Undercut operates alongside other similar campaigns, such as Doppelganger, which also leverages false narratives spread through social media and inauthentic news websites. This systematic effort is characterized by attempts to create social division and stir political controversy across multiple fronts, including the upcoming 2024 U.S. elections and ongoing geopolitical situations like the Israel-Gaza conflict. According to cybersecurity experts, the overarching goal of these campaigns is to deepen societal fractures and demonstrate Ukraine’s leadership as incapable and corrupt, thereby diminishing Western military support for the embattled nation.
Previous investigations have linked the SDA to the Doppelganger campaign, which also utilized social media and networks of fabricated news outlets to manipulate public opinion. This extensive disinformation effort, operating since early 2023, was compounded by recent sanctions against the SDA and another Russian company, Structura, aimed at disrupting their operations. Analysts from Recorded Future report that Operation Undercut shares infrastructure with other undermine operations, including Matryoshka and Operation Overload, which have sought to destabilize key events such as the French elections and the Paris Olympics in addition to influencing the political climate in the United States.
The SDA’s new operation employs tools designed to misappropriate users’ trust in reputable media organizations, employing AI-generated visuals for added credibility. Investigators have identified over 500 deceptive social media accounts employed to propagate misleading content across various platforms, while trending hashtags in the relevant languages bolster the campaign’s outreach. Moreover, the operation has been found to promote narratives that echo disinformation from additional Russian-affiliated campaigns like CopyCop, further intensifying the anti-Ukraine sentiment.
As the SDA maneuvers through social media landscapes, Moscow’s broader strategy aims to erode Western alliances and sway public perception about Ukraine’s governmental effectiveness. Recorded Future warns that these efforts are designed to weaken Western resolve and support for Ukraine, with an eye toward reducing military aid, thereby allowing Russia to advance its geopolitical objectives more effectively. Their findings raise alarms regarding the sophisticated methodologies adopted by state-sponsored actors in the digital disinformation realm.
In addition to the SDA’s evolving tactics, another related concern has surfaced involving a Russian-linked cyber group known as APT28 (GruesomeLarch), which has conducted a unique compromise method, termed a nearest neighbor attack. This approach allowed the threat actor to breach the network of a U.S. organization by gaining access through an adjacent entity, employing a daisy-chaining technique to infiltrate multiple interconnected networks—highlighting the complexities and dangers of modern cyber warfare. With the continuing integration of advanced technology in these nefarious operations, the threats posed by digital disinformation and cyberattacks remain an urgent issue for national security both in the U.S. and globally.