U.S. Sanctions Russians Behind ‘Doppelganger’ Cyber Influence Campaign

Avatar
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations.

Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of Russia-based Company Group Structura LLC (Structura), have been accused of providing services to the Russian government in connection to a “foreign malign influence campaign.”

The disinformation campaign is tracked by the broader cybersecurity community under the name Doppelganger, which is known to target audiences in Europe and the U.S. using inauthentic news sites and social media accounts.

“SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of services, including the creation of websites designed to impersonate government organizations and legitimate media outlets in Europe,” the Treasury said.

Both Gambashidze and Tupikin have been accused of orchestrating a campaign in the Fall of 2022 that created a network of over 60 sites designed to masquerade as legitimate news websites and fake social media accounts to disseminate the content originating from those spoofed sites.

The department said the fake websites were built with an intent to mimic the appearance of their actual counterparts, with the portals including embedded images and working links to the legitimate sites and even impersonated the cookie consent pages as part of efforts to trick visitors.

Furthermore, a closer examination of the two cryptocurrency wallets listed by OFAC as associated with Gambashidze reveals that they have received more than $200,000 worth of USDT on the TRON network, with a significant chunk originating from the now-sanctioned exchange Garantex, Chainalysis said.

“He then cashed out most of his funds to a single deposit address at a mainstream exchange,” blockchain analytics firm noted. “These transactions highlight Garantex’s continued involvement in the Russian government’s illicit activities.”

Doppelganger, active since at least February 2022, has been described by Meta as the “largest and the most aggressively-persistent Russian-origin operation.”

In December 2023, Recorded Future revealed attempts by the malign network to leverage generative artificial intelligence (AI) to create inauthentic news articles and produce scalable influence content.

SDA and Structura, along with Gambashidze, have also been the subject of sanctions imposed by the Council of the European Union as of July 2023 for conducting a digital information manipulation campaign called Recent Reliable News (RRN) aimed at amplifying propaganda declaring support for Russia’s war against Ukraine.

“This campaign […] relies on fake web pages usurping the identity of national media outlets and government websites, as well as fake accounts on social media,” the Council said at the time. “This coordinated and targeted information manipulation is part of a broader hybrid campaign by Russia against the EU and the member states.”

The development comes as the U.S. House of Representatives unanimously passed a bill (Protecting Americans’ Data from Foreign Adversaries Act, or H.R.7520) that would bar data brokers from selling Americans’ sensitive data to foreign adversaries, counting China, Russia, North Korea, and Iran.

It also arrives a week after Congress passed another bill (Protecting Americans from Foreign Adversary Controlled Applications Act, or H.R.7521) that seeks to force Chinese company ByteDance to divest popular video sharing platform TikTok within six months, or risk facing a ban, due to national security concerns.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

International freight tech firm isolates Canada operations after cyberattack

Next Post

Two Russians sanctioned by US for alleged disinformation campaign

Related Posts

Seiko says ransomware attack led to leak of 60,000 ‘items’ of personal data

Japanese watchmaker Seiko announced on Wednesday that a ransomware incident initially reported this summer resulted in the breach of about 60,000 pieces of personal data from customers, employees, business partners and job applicants.
Jason Macuray
Read More