Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Russia Used Fake US Documents for Disinformation: Report
'Operation Pinball' Used Social Media Posts, Forged Diplomatic Letters, Recorded Future SaysA recent disinformation campaign that apparently originated in Russia used forged U.S. diplomatic documents and social media channels to spread false stories mainly in Eastern European and Asian countries, according to the security firm Recorded Future, which warns that these same tactics could be used against the U.S. in the run-up to the fall presidential election.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
The disinformation campaign, which researchers call "Operation Pinball," mainly focused on the governments of Estonia and the Republic of Georgia, which have been frequent targets of Russia. The campaign spread forged diplomatic letters and documents from U.S. senators and Secretary of State Mike Pompeo, Recorded Future says in its new research report.
The campaign, which spanned from at least January 2019 until earlier this year, included a number of self-published webpages, fake news articles and promotion on social media sites, including Reddit, the researchers say. It targeted mainly those who speak Russian, although many of the forged U.S. documents were written in English and contained grammatical and other errors, the report notes.
Similar Tactics
The Recorded Future analysis found ties between the tactics used in Operation Pinball and another Russian disinformation campaign called "Secondary Infektion," which was discovered in June 2019 by the Atlantic Council’s Digital Forensics Lab. Secondary Infektion, which also involved social media accounts on Reddit and Facebook, targeted U.K. lawmakers (see: FTC Sanctions Defunct Cambridge Analytica: So What?).
The researchers say that many of the tactics used in Operation Pinball could serve as a blueprint for disinformation campaigns tied to the U.S. presidential election in November.
"We assess that covert influence operations from Russia against the U.S. and the 2020 election will probably seek to leverage similarly manipulated and forged documents, particularly regarding attempted hack-and-leak operations," according to the report.
False Documents
Operation Pinball appears to have been limited in scope and did not reach as large of an audience as Secondary Infektion, which helped push false stories into the mainstream media, according to the analysis.
Recorded Future "identified minimal shares on social platforms, and Reddit threads were quickly deleted by page administrators of the various pages," according to the report.
The Recorded Future analysis found, however, that Operation Pinball attempted to make extensive use of forged documents, including a letter attributed to Secretary Pompeo and addressed to a political party in the Eastern European country of Moldova. The letter alleges the U.S. government has complaints about the legitimacy of the government run by the country's current prime minister.
In reality, published reports indicate that Moldova supports the U.S. and wants closers ties to America and has started political reforms to stop corruption, which the State Department supports.
The Recorded Future analysis also found similar forged letters attributed to several U.S. senators as well as some lawmakers in Europe.
"Many of these inauthentic documents are historic in nature and, at least to our knowledge, this is the first time this account has been identified as engaging in this activity," according to Recorded Future, which adds that it's not clear if these letters influenced any political or policy decisions.
Social Media
The Recorded Future analysis also found that Operation Pinball used social media accounts, especially on Reddit, to promote dubious and false articles. The analysis found stories blaming the U.S. and European governments for wars in the Middle East as well as the refugee crisis in Europe that started in 2015.
While aimed at Russian speakers, many of these articles were translated into other languages and promoted on social media accounts apparently created for this purpose, according to the report.
In March, Facebook and Twitter took down a dozen suspicious accounts after investigations found that many of them operating out of Ghana and Nigeria had ties to Russian groups attempting to spread disinformation to U.S. voters (see: Facebook, Twitter Remove More Russia-Linked Accounts).
With the U.S. presidential election coming up in November, social media firms are stepping up their efforts to shut down foreign interference and disinformation campaigns related to U.S. politics (see: FBI's Elvis Chan on Election Cybersecurity).