{"id":14469,"date":"2024-02-22T18:42:55","date_gmt":"2024-02-22T18:42:55","guid":{"rendered":"http:\/\/TheNextWeb=1404118"},"modified":"2024-02-22T18:42:55","modified_gmt":"2024-02-22T18:42:55","slug":"new-russian-psyops-mix-disinformation-spam-and-navalny","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=14469","title":{"rendered":"New Russian PSYOPs mix disinformation, spam, and Navalny"},"content":{"rendered":"\n<p><span>Researchers have discovered a Russia-aligned <\/span><span>PSYOPs campaign with a curious mix of espionage, disinformation, and Canadian pharmacy spam. It also has links to Alexi Navalany, the Kremlin critic who died last week in an Arctic penal colony.<\/span><\/p>\n<p><span>The <span>PSYOPs \u2014 a military term for \u201cpsychological operations\u201d \u2014 were<\/span>&nbsp;unearthed by analysts at ESET, a <a href=\"https:\/\/thenextweb.com\/topic\/cybersecurity\" target=\"_blank\" rel=\"noopener\">cybersecurity<\/a> firm headquartered in Slovakia. They named the campaign \u201cOperation Texonto.\u201d<\/span><\/p>\n<p><span>The operation disseminated war-related disinformation to Ukrainians via spam <a href=\"https:\/\/thenextweb.com\/topic\/email-2\" target=\"_blank\" rel=\"noopener\">emails<\/a>. Through two waves of messages, the PSYOPs spread fears about <\/span><span>shortages of food, medicines, and heating supplies \u2014 typical themes of Russian propaganda.&nbsp;<\/span><\/p>\n<p><span>Alongside the disinformation, ESET detected a recent spear-phishing campaign that targeted a Ukrainian company and an EU agency. It aimed to steal credentials for Microsoft Office 365 accounts.<\/span><\/p>\n<div class=\"inarticle-wrapper channel-cta\">\n<div class=\"ica-text\" readability=\"0\"><a href=\"https:\/\/thenextweb.com\/conference\/tickets?utm_source=TNW-media&amp;utm_medium=display&amp;utm_campaign=TNW2024groups\" data-event-category=\"Article\" data-event-action=\"In Article Block\" data-event-label=\"TNW Conference 2024 - Group ticket offer\" target=\"_blank\" readability=\"4\" rel=\"noopener\"><\/p>\n<p class=\"ica-text__title\">TNW Conference 2024 &#8211; Group ticket offer<\/p>\n<p>Save up to 40% with our Group offer and join Europe&#8217;s leading tech festival in June!<\/p>\n<p><\/a><\/div>\n<\/div>\n<p><span>Due to similarities in their network infrastructure, ESET is confident that the PSYOPs and phishing are connected.&nbsp;<\/span><\/p>\n<p><span>Matthieu Faou, Senior Malware Researcher at ESET, said the company\u2019s customers had sparked the hunt for Operation Texonoto.&nbsp;<\/span><\/p>\n<p>\u201cESET has a significant user base in Ukraine and as such, our research team dedicates a lot of its time to track Russia-aligned groups,\u201d Faou told TNW via email. \u201cWe first uncovered a spear-phishing&nbsp;campaign and then pivoted on the artefacts, which led to the discovery of the two PSYOPs.\u201d<\/p>\n<p><span>It also led to that<\/span><span> connection with Navalny.<\/span><\/p>\n<h2>Real dissidents and fake pharmacies<\/h2>\n<p><span>Operation Texonto used domain names related to Navalny. These included the following:<\/span><\/p>\n<ul type=\"disc\">\n<li class=\"m_4392416570113891028MsoListParagraphCxSpFirst\"><i>navalny-votes[.]net<u><\/u><u><\/u><\/i><\/li>\n<li class=\"m_4392416570113891028MsoListParagraphCxSpMiddle\"><i><span lang=\"NL\">navalny-votesmart[.]net<u><\/u><u><\/u><\/span><\/i><\/li>\n<li class=\"m_4392416570113891028MsoListParagraphCxSpLast\"><i><span lang=\"NL\">navalny-voting[.]net<u><\/u><u><\/u><\/span><\/i><\/li>\n<\/ul>\n<p>These domains suggest that the campaign had another objective. The researchers suspect it deployed spearphishing or information operations against Russian dissidents and Navalny supporters.<\/p>\n<p>Another link was made to fake Canadian pharmacies, which have been popular with<span>&nbsp;Russian cybercriminals for <a href=\"https:\/\/krebsonsecurity.com\/2011\/02\/spamit-glavmed-pharmacy-networks-exposed\/\" target=\"_blank\" rel=\"nofollow noopener\">decades<\/a>. In 2004, \u201cCanadian <span>Pharmacy\u201d <a href=\"https:\/\/www.networkworld.com\/article\/785024\/security-experts-link-flood-of-canadian-pharmacy-spam-to-russian-botnet-criminals.html\" target=\"_blank\" rel=\"nofollow noopener\">was named<\/a> \u201cthe world\u2019s currently most voluminous spam generator.\u201d<\/span><\/span><\/p>\n<p><span>One of the servers used to send the spam emails was later reused to send typical Canadian pharmacy spam.<\/span><\/p>\n<p><span>ESET surmised that the campaign operators had realised they had been detected. Consequently, they may have tried to monetise the burnt infrastructure for personal profit.<\/span><span><\/span><\/p>\n<h2>Detecting psyops<\/h2>\n<p><span>In the disinformation campaign, the first wave of emails was sent in November 2023. They <\/span><span>targeted Ukrainian politicians, energy companies, and citizens. ESET estimates that the messages had \u201cat least a few hundred\u201d recipients.<\/span><\/p>\n<p><span>Rather than spread malicious links or malware,&nbsp;the messages sought to fracture support for Ukraine\u2019s resistance.<\/span><\/p>\n<p>One sender masquerading as the Ukrainian government advised citizens to replace drugs with \u201cfolk methods\u201d using plants. Another email, allegedly from the Ministry of Agriculture, recommended eating \u201cpigeon risotto.\u201d<\/p>\n<p><span>The second wave of emails targeted both Ukrainian citizens and residents of other European countries. All of them, however, were written in Ukrainian.<\/span><\/p>\n<p><span>They featured darker messaging. One email suggested that recipients amputate a limb to avoid military deployment.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404194 js-lazy\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png\" alt=\"A PDF attached to one of the disinformation emails that suggested eating &quot;pigeon risotto.&quot;\" width=\"1310\" height=\"890\" sizes=\"(max-width: 1310px) 100vw, 1310px\" data-srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png 1310w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-280x190.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-199x135.png 199w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-397x270.png 397w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-796x541.png 796w\"><figcaption><a href=\"https:\/\/thenextweb.com\/news\/new-russian-psyops-mix-disinformation-spam-and-navalny#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fdata-security%2F2024%2F02%2F22%2Fnew-russian-psyops-mix-disinformation-spam-and-navalny%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients.\" data-title=\"Share A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"><\/i><\/a>A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients.<\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404194\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png\" alt=\"A PDF attached to one of the disinformation emails that suggested eating &quot;pigeon risotto.&quot;\" width=\"1310\" height=\"890\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png 1310w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-280x190.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-199x135.png 199w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-397x270.png 397w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-796x541.png 796w\"><\/noscript><\/figure>\n<p>The PSYOPs campaign joins the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Firehose_of_falsehood\" target=\"_blank\" rel=\"nofollow noopener\">\u201cfirehouse of falsehood\u201d<\/a> that has targeted Ukraine since Russia\u2019s full-scale invasion.<\/p>\n<p>To <a href=\"https:\/\/thenextweb.com\/news\/ukraine-anti-disinformation-industry-startups\" target=\"_blank\" rel=\"noopener\">tackle such disinformation<\/a>, ESET recommends a mix of smart email filtering,&nbsp;education, and double-checking.<\/p>\n<p>\u201cAdditionally, using trusted fact-checking services can help individuals and organisations verify the validity of contentious information,\u201d Jake Moore, Global Cybersecurity Advisor at ESET, told TNW.<\/p>\n<p>\u201cLastly, if you spot a dodgy source of disinformation, it can help reduce the spread by notifying the email service provider by placing it in the spam folder.\u201d<\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/news\/new-russian-psyops-mix-disinformation-spam-and-navalny\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered a Russia-aligned PSYOPs campaign with a curious mix of espionage, disinformation, and Canadian pharmacy spam. It also has links to Alexi Navalany, the Kremlin critic who died last week&#8230;<\/p>\n","protected":false},"author":1,"featured_media":14470,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/14469"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14469"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/14469\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/14470"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}