A joint effort by SentinelLabs and ClearSky Cyber Security has uncovered a significant propaganda and disinformation campaign, possibly orchestrated by the Russia-aligned influence operation network called Doppelgänger.
The campaign, which began in late November 2023, initially targeted Ukrainian affairs but has since expanded its scope to include the US, Israel, France and Germany.
In Germany, Doppelgänger has intensified its efforts, disseminating propaganda and disinformation content aimed at influencing public opinion, particularly concerning socio-economic and geopolitical issues relevant to the population.
The network seems particularly focused on criticizing the ruling government coalition’s support for Ukraine, possibly with the aim of swaying public sentiment ahead of upcoming elections.
This finding aligns with recent reports from the German Ministry of Foreign Affairs and Der Spiegel, indicating a growing concern about election interference in Germany.
Doppelgänger’s tactics involve leveraging a substantial network of accounts on social media platforms, particularly X (formerly Twitter), and engaging in coordinated activities to amplify their messages and increase visibility.
“The majority of the X accounts we discovered as part of our investigation had not been deactivated at the time of writing,” SentinelLabs wrote in its latest report, published today.
“To maximize visibility and audience engagement, these accounts participate in coordinated activities, such as regularly posting and reposting content from highly popular profiles, as well as engaging with posts from other suspected Doppelgänger-managed accounts.”
The threat actor’s operation also involves sophisticated infrastructure, including a network of websites hosting propaganda articles. These websites mimic the design and structure of legitimate news outlets, with some even impersonating them. Additionally, the network employs various tactics to evade detection and tracking.
“The posts from these accounts contain links that redirect visitors through two stages to the destination articles intended for consumption,” SentinelLabs explained.
“These stages implement obfuscation and tracking techniques. Coupled with the carefully constructed infrastructure management practices we observed Doppelgänger implementing, this underscores the network’s determination to operate without interruptions while effectively tracking the performance of its influence operations.”
According to the advisory, the campaign’s persistence and evolving nature underscores the challenges in combating such influence operations.
“We anticipate that Doppelgänger’s activities, targeting not only Germany but also other Western countries, will persist and evolve, particularly in light of the major elections scheduled across the EU and the USA in the coming years,” reads the advisory.
Countering these operations requires a multifaceted approach, including enhancing public awareness and media literacy, and coordinated actions by social media platforms and infrastructure operators to curb the spread of propaganda and disinformation.