Russian state media uses covert software for disinformation bots, US warns

Avatar

Authorities in several countries are warning of a sophisticated Russia-backed social media campaign that relies on AI-powered software to spread disinformation in the U.S. and abroad.

Called Meliorator, the software is reportedly used by the affiliates of RT (formerly Russia Today), a Russian state-sponsored media organization, to create fictitious online personas and post misleading content.

Since at least 2022, RT affiliates have used Meliorator to disseminate disinformation to and about the U.S., Poland, Germany, the Netherlands, Spain, Ukraine and Israel, according to a joint advisory released by U.S., Canadian and Dutch security services on Tuesday.

The U.S. Justice Department (DOJ) announced that it seized two domain names and searched almost a thousand social media accounts used by Russian actors to create an AI-enhanced bot farm with the help of Meliorator.

To register the fictitious social media accounts, the bot farm operators used private email servers, which in turn relied on the two domain names from a U.S.-based provider, the authorities said. The DOJ said those were seized by the FBI. 

In addition to the DOJ’s actions, social media company X (formerly Twitter) voluntarily suspended the remaining bot accounts identified in the court documents for terms of service violations.

“Today’s actions represent a first in disrupting a Russian-sponsored generative AI-enhanced social media bot farm,” said FBI Director Christopher Wray. 

“Russia intended to use this bot farm to disseminate AI-generated foreign disinformation, scaling their work with the assistance of AI to undermine our partners in Ukraine and influence geopolitical narratives favorable to the Russian government.”

Meliorator is designed to create fictitious social media profiles — bots — often purporting to belong to individuals in the U.S. The software operators then use these profiles to promote messages in support of the Russian government.

The bot personas associated with the Meliorator tool are capable of generating original posts, following other users, “liking,” commenting, reposting and obtaining followers, authorities said. They can also mirror the disinformation of other bot personas and amplify existing Russian disinformation narratives, according to the advisory.  

The identities of the bots are determined based on specific parameters or archetypes selected by the user. Meliorator could even group ideologically aligned bots using a specially crafted algorithm to construct each bot’s persona, determining factors such as location, political ideologies, and biographical data, the authorities said.

The majority of accounts followed by the bot personas boast more than 100,000 followers, which is necessary for the bots to avoid detection when interacting with other accounts, according to the advisory. In addition, the bots followed genuine accounts that reflected their political leanings and interests listed in their biographies.

As of June 2024, Meliorator only worked on X, the advisory said, but the latest analysis suggests the software’s functionality will likely be expanded to other social media networks.

U.S. authorities link the development of Meliorator to an unspecified Russian individual who worked as the deputy editor-in-chief at RT in early 2022. 

RT reportedly viewed the social media bot farm as an alternative means for distributing information beyond its standard television news broadcasts. RT went off the air in the U.S. in early 2022.

The development of this bot farm was approved and financed by the Kremlin, the advisory said, while Russia’s Federal Security Service (FSB) had access to the software and could use it to advance its goals.

The FSB’s use of U.S.-based domain names violates the International Emergency Economic Powers Act, the DOJ said. In addition, the accompanying payments for that infrastructure violate U.S. money laundering laws.

“Today’s action demonstrates that the Justice Department and our partners will not tolerate Russian government actors and their agents deploying AI to sow disinformation and fuel division among Americans,” said Deputy Attorney General Lisa Monaco in a statement.

Nation-stateTechnologyNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Russia is starting to try to influence US presidential race, intelligence official says

Next Post

Bellingcat warns of ‘censorship’ on X after research on Russian attack is labeled spam

Related Posts

How to Get Going with CTEM When You Don’t Know Where to Start

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -
Avatar
Read More