Investigation prompts European hosting companies to suspend accounts linked to Russian disinfo

Two European web hosting companies have reportedly suspended some accounts linked to the Russian propaganda campaign Doppelgänger after researchers discovered that its operators used the infrastructure of legitimate companies in Europe to spread disinformation.

The hosting giants Hetzner from Germany and Hostinger from Lithuania confirmed to the German nonprofit journalism group Correctiv, which was involved in the Doppelgänger investigation, that they terminated accounts used by the network’s operators.

Hostinger, whose servers in Singapore were used to run several propaganda websites that imitated legitimate media outlets, said that it took down Doppelgänger-linked versions of the Israeli website The Liberal, as well as several German-language websites.

“We have already drawn up an action plan to limit such abuse in the future,” the company’s spokesperson told Correctiv.

Hetzner, whose Finnish subsidiary hosted four Doppelgänger websites, said that it had blocked the affected server. At the time when Correctiv published its report, two of the four sites were still working.

Last week, researchers at digital rights nonprofits Qurium and EU DisinfoLab uncovered infrastructure located or registered in at least ten European countries that is used by Doppelgänger.

This means that European companies, whether knowingly or not, make their services available to a disinformation operation affecting their own nations, researchers said.

Doppelgänger has been operating in Europe since at least May 2022. It is known for spreading fake articles on websites that resemble the design of real media outlets such as Germany’s Der Spiegel and Britain’s The Guardian.

The network’s goal is to advance the interests of the Kremlin and sow discord among its enemies, including the U.S. and Western Europe.

Some of the identified companies told Correctiv that they knew nothing about Doppelgänger and that the authorities had not made any complaints against it.

Hetzner and Hostinger were the first to respond to the report. Thanks to their actions, some posts on Facebook and X, which were previously attributed to Doppelgänger, have been leading to an error message for a few days. Some of the propaganda and fake pages are no longer accessible at all.

According to Antibot4Navalny, an anonymous volunteer group that tracks Russian disinformation on X, around 35% of the original Doppelgänger pages and more than a fifth of all pages in the campaign, including the cloned media pages, were affected by the latest disruptions.

On July 14 and 16, the campaign only distributed four links each time, fewer than ever before in the period under review, Correctiv said.

The network operators are trying to adapt to the blocking, researchers found, and moved some of their services from Hetzner to a new address at a Russian hosting provider. “Old links no longer work. New links, on the other hand, lead to content that has not yet been affected by the blocking,” said a report by Correctiv.

Well-known media outlets whose websites were emulated by Doppelgänger are also attempting to shut down the fake websites.

The Süddeutsche Zeitung had already regained two of the campaign’s internet addresses in a dispute settlement procedure. However, as a publisher’s spokesperson told Correctiv, an investigation initiated by a criminal complaint was discontinued.

The Frankfurter Allgemeine Zeitung had also considered legal action against the network but rejected it due to a lack of prospects of success, according to the report.

German authorities are also aware of the European infrastructure abuse by Doppelgänger but don’t appear to be taking any action, Correctiv said.

This “raises the question of how seriously European authorities are fighting disinformation,” Correctiv said.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
