Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Russia Used Fake US Documents for Disinformation: Report

'Operation Pinball' Used Social Media Posts, Forged Diplomatic Letters, Recorded Future Says
Russia Used Fake US Documents for Disinformation: Report

A recent disinformation campaign that apparently originated in Russia used forged U.S. diplomatic documents and social media channels to spread false stories mainly in Eastern European and Asian countries, according to the security firm Recorded Future, which warns that these same tactics could be used against the U.S. in the run-up to the fall presidential election.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The disinformation campaign, which researchers call "Operation Pinball," mainly focused on the governments of Estonia and the Republic of Georgia, which have been frequent targets of Russia. The campaign spread forged diplomatic letters and documents from U.S. senators and Secretary of State Mike Pompeo, Recorded Future says in its new research report.

The campaign, which spanned from at least January 2019 until earlier this year, included a number of self-published webpages, fake news articles and promotion on social media sites, including Reddit, the researchers say. It targeted mainly those who speak Russian, although many of the forged U.S. documents were written in English and contained grammatical and other errors, the report notes.

Similar Tactics

The Recorded Future analysis found ties between the tactics used in Operation Pinball and another Russian disinformation campaign called "Secondary Infektion," which was discovered in June 2019 by the Atlantic Council’s Digital Forensics Lab. Secondary Infektion, which also involved social media accounts on Reddit and Facebook, targeted U.K. lawmakers (see: FTC Sanctions Defunct Cambridge Analytica: So What?).

The researchers say that many of the tactics used in Operation Pinball could serve as a blueprint for disinformation campaigns tied to the U.S. presidential election in November.

"We assess that covert influence operations from Russia against the U.S. and the 2020 election will probably seek to leverage similarly manipulated and forged documents, particularly regarding attempted hack-and-leak operations," according to the report.

False Documents

Operation Pinball appears to have been limited in scope and did not reach as large of an audience as Secondary Infektion, which helped push false stories into the mainstream media, according to the analysis.

Recorded Future "identified minimal shares on social platforms, and Reddit threads were quickly deleted by page administrators of the various pages," according to the report.

Forged letter used in "Operation Pinball" (Source: Recorded Future)

The Recorded Future analysis found, however, that Operation Pinball attempted to make extensive use of forged documents, including a letter attributed to Secretary Pompeo and addressed to a political party in the Eastern European country of Moldova. The letter alleges the U.S. government has complaints about the legitimacy of the government run by the country's current prime minister.

In reality, published reports indicate that Moldova supports the U.S. and wants closers ties to America and has started political reforms to stop corruption, which the State Department supports.

The Recorded Future analysis also found similar forged letters attributed to several U.S. senators as well as some lawmakers in Europe.

"Many of these inauthentic documents are historic in nature and, at least to our knowledge, this is the first time this account has been identified as engaging in this activity," according to Recorded Future, which adds that it's not clear if these letters influenced any political or policy decisions.

Social Media

The Recorded Future analysis also found that Operation Pinball used social media accounts, especially on Reddit, to promote dubious and false articles. The analysis found stories blaming the U.S. and European governments for wars in the Middle East as well as the refugee crisis in Europe that started in 2015.

While aimed at Russian speakers, many of these articles were translated into other languages and promoted on social media accounts apparently created for this purpose, according to the report.

In March, Facebook and Twitter took down a dozen suspicious accounts after investigations found that many of them operating out of Ghana and Nigeria had ties to Russian groups attempting to spread disinformation to U.S. voters (see: Facebook, Twitter Remove More Russia-Linked Accounts).

With the U.S. presidential election coming up in November, social media firms are stepping up their efforts to shut down foreign interference and disinformation campaigns related to U.S. politics (see: FBI's Elvis Chan on Election Cybersecurity).


About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.