In an increasingly digitalized world, lions must concern themselves with the opinions of the sheeple.

As the Ukraine-Russia war rages on, so do disinformation/propaganda campaigns launched online to manipulate ideologically-vulnerable people (sheeple) into supporting various national agendas.

Such “Information Operations (IO)” are now part of cyber warfare, and one cybersecurity firm has uncovered four recent operations in its research:

  • A Russian-influence campaign known widely as Secondary Infektion, that had started prior to the invasion, has continued operating to spread misinformation about President Zelenskyy
  • A new operation dubbed Ghostwriter, has been using compromised assets to publish fabricated content, promoting the narrative that a Polish criminal ring was harvesting organs from Ukrainian refugees to illegally traffic in the European Union 
  • The Niezależny Dziennik Polityczny (NDP), an IO campaign centered around an online journal of the same name, has shifted toward an aggressive defense of Russian strategic interests seeded by both overt and covert sources within Russia’s propaganda and disinformation ecosystem. The NDP and Ghostwriter campaigns show overlaps that may suggest some degree of coordination or advanced shared knowledge of operational planning
  • A pro-Iran campaign dubbed “Roaming Mayfly” due to its potential links to the Iran-aligned Endless Mayfly influence campaign in 2019 has been launched to accuse the West of hypocrisy in their dealings with Saudi Arabia compared to Russia
  • A pro-PRC campaign dubbed DRAGONBRIDGE comprising thousands of inauthentic accounts across numerous social media platforms, websites, and forums, has shifted its messaging to produce content in English and Chinese that echoes narratives promoted by Russian state media and influence campaigns
  • Telegram channel “Cyber Front Z” overtly dedicated to promoting pro-Russia content pertaining to the invasion to audiences in Russia, Ukraine, and the West. The channel may be run by individuals linked to entities sanctioned by the USA
  • Telegram channels linked to APT28 and the ‘Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center’ continue to post content that appears intended to weaken Ukrainians’ confidence in their government and its response to the invasion. The content also appears intended to undermine support for Ukraine from its Western partners, interspersed with more seemingly benign posts relaying apolitical content or news reporting

According to the above research by Mandiant, while these operations have presented an outsized threat to Ukraine, they have also threatened, and are expected to continue to threaten, the USA and other Western countries.

Meanwhile, pro-PRC and pro-Iran campaigns have leveraged the Russian invasion opportunistically to further progress long-held strategic objectives.

One notable feature of operations attributed to known actors thus far is “their apparent consistency with the respective campaign’s established motives. Russia-aligned operations, including those attributed to Russian, Belarusian, and pro-Russia actors, have thus far employed the widest array of tactics, techniques, and procedures (TTPs) to support tactical and strategic objectives, directly linked to the conflict itself.”