Russia doctors custom videos by US actors to create anti-Ukraine propaganda


In a recent anti-Ukraine propaganda campaign, a Russia-aligned group manipulated videos of well-known American actors to spread a message that Ukraine’s president is a “corrupt drug addict,” analysts said Thursday.

The source videos came from sites like Cameo — where celebrities can record and send personalized messages to users for a fee — according to one section of a broad report by Microsoft about Russian influence and cyber operations.

“Unwitting American actors and others appear to have been asked … to send a message to someone called ‘Vladimir’, pleading with him to seek help for substance abuse,” Microsoft said.

Microsoft said it found seven such videos, including recordings by Elijah Wood (“The Lord of the Rings”), Dean Norris (“Breaking Bad”), Kate Flannery (“The Office”) and boxer Mike Tyson.

The influence operation added Ukrainian emojis, links and President Volodymyr Zelensky’s social media handle. Russian state-affiliated media then used the clips to amplify the Kremlin’s false narrative that Zelensky struggles with substance abuse.

The state-owned Russian news outlet RIA Novosti even published an article in August, treating a fake video featuring actor John McGinley as if it were an authentic appeal to Zelensky.

Given that the videos follow a similar pattern, it is possible that a Russian group paid for them and then edited them for its needs, Microsoft said. The actors seemed unaware that their videos were misused to spread propaganda.

A representative for Wood told Wired that the request submitted through Cameo “was in no way intended to be addressed to Zelensky or have anything at all to do with Russia, Ukraine, or the war.”

Read More: Russia-linked ‘Doppelgänger’ social media operation rolls on, report says

To push the propaganda operation even further, Russian threat actors also faked content from reputable media outlets such as BBC, Al-Jazeera or Euronews, according to the Microsoft report. The goal of these videos is to diminish Western support for Ukraine.

One of the videos, disguised as a BBC news report, falsely claimed that the Ukrainian military was responsible for a missile strike that killed dozens of civilians. The video used BBC’s logo, color scheme and aesthetics, and featured English-language captions containing errors commonly made when translating from Slavic languages to English.

Microsoft researchers have found more than a dozen such videos, often amplified by Russian-language Telegram channels and subsequently spread to mainstream social media platforms.

“Although this content has had limited reach, it could pose a credible threat to future targets if refined or improved with the power of AI or amplified by a more credible messenger,” the researchers said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

HHS proposes new cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare

Next Post

US charges two Russians in hacks of government accounts

Related Posts

10 Critical Endpoint Security Tips You Should Know

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
Read More

Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard
Read More