AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A shadowy Moscow-based company, already sanctioned by the U.S. earlier this year, has been linked to a new and alarming disinformation campaign aimed at undermining Ukraine and fracturing Western alliances. The operation, which has been active since at least December 2023, is the latest in a series of covert efforts to manipulate public opinion using cutting-edge technology and deceptive tactics.
The campaign, orchestrated by the Social Design Agency (SDA), employs artificial intelligence (AI) to create fake videos and websites that mimic trusted news sources. Dubbed Operation Undercut by cybersecurity experts at Recorded Future’s Insikt Group, the effort is designed to erode support for Ukraine, sow discord in Western nations, and influence the 2024 U.S. elections.
“This operation, running in tandem with other campaigns like Doppelganger, is designed to discredit Ukraine’s leadership, question the effectiveness of Western aid, and stir socio-political tensions,” Recorded Future stated in its analysis. “The campaign also seeks to shape narratives around the 2024 U.S. elections and geopolitical conflicts, such as the Israel-Gaza situation, to deepen divisions.”
How Operation Undercut Works
Operation Undercut is a sophisticated disinformation campaign that leverages AI-generated content to spread false narratives. The campaign uses fake news websites and social media accounts to amplify its reach, targeting audiences in Ukraine, Europe, and the United States. By impersonating reputable media outlets, the operation seeks to gain the trust of unsuspecting readers and viewers.
Here are some key tactics used in the campaign:
- Creation of AI-enhanced videos and images that mimic legitimate news sources.
- Use of over 500 fake social media accounts on platforms like 9gag and America’s Best Pics and Videos to distribute content.
- Exploitation of trending hashtags in multiple languages to maximize visibility.
- Promotion of content from other disinformation campaigns, such as CopyCop (also known as Storm-1516).
Recorded Future noted that the campaign is part of a broader Russian strategy to destabilize Western alliances and portray Ukraine’s leadership as corrupt and ineffective. By targeting Western audiences, the SDA aims to reduce military aid to Ukraine and weaken international support for the country.
Connections to Other Disinformation Campaigns
Social Design Agency has a history of involvement in disinformation campaigns. The company was previously linked to Doppelganger, which used fake social media accounts and inauthentic news sites to manipulate public opinion. Both SDA and another Russian company, Structura, were sanctioned by the U.S. in March 2024 for their roles in these operations.
Operation Undercut shares infrastructure with Doppelganger and another campaign known as Operation Overload (also referred to as Matryoshka and Storm-1679). Operation Overload targeted the 2024 French elections, the Paris Olympics, and the U.S. presidential election using fake news sites, false fact-checking resources, and AI-generated audio.
The SDA’s latest campaign continues to exploit the trust people place in established media brands. By using AI-powered videos and images, the operation lends an air of credibility to its false narratives, making it even more challenging for audiences to discern fact from fiction.
APT28 and the Nearest Neighbor Attack
While Operation Undercut focuses on disinformation, another alarming development has emerged involving a Russia-linked hacking group known as APT28, or GruesomeLarch. The group was observed breaching a U.S. company in early February 2022 using an unusual technique called the “nearest neighbor attack.”
This method involved first compromising a different organization located in an adjacent building within Wi-Fi range of the target. The ultimate goal was to collect data from individuals with expertise on Ukraine-related projects, just ahead of Russia’s invasion of the country.
According to cybersecurity firm Volexity, the attack unfolded as follows:
- APT28 conducted password-spray attacks against a public-facing service on the secondary organization’s network to obtain valid wireless credentials.
- The group then used these credentials to connect to the secondary organization’s Wi-Fi network.
- From there, they moved laterally across the network to breach the primary target’s Wi-Fi network, all while being thousands of miles away.
“GruesomeLarch was able to ultimately breach [the organization’s] network by connecting to their enterprise Wi-Fi network,” Volexity explained in a blog post. “The threat actor accomplished this by daisy-chaining their approach to compromise multiple organizations in close proximity to their intended target.”
One critical vulnerability exploited in the attack was the lack of multi-factor authentication (MFA) for the target’s Wi-Fi network. While the organization’s internet-facing resources were protected by MFA, the Wi-Fi network required only valid credentials and proximity to the target.
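A defender-side check for the gap described above, written as an added example (it is not from Volexity or the original article): it finds accounts whose password was guessed during a spray against an MFA-protected public service, then flags later password-only Wi-Fi logins for those accounts from devices not seen before. The log layout, the result labels `bad_password` and `mfa_not_completed`, and the thresholds are assumptions; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs; field layout and values are assumptions for illustration.
PORTAL = [  # (time, source IP, user, result) from a public-facing service with MFA
    ("2024-05-01T03:00:05", "198.51.100.7", "alice", "bad_password"),
    ("2024-05-01T03:00:09", "198.51.100.7", "bob", "bad_password"),
    ("2024-05-01T03:00:15", "198.51.100.7", "carol", "mfa_not_completed"),
    ("2024-05-01T03:00:21", "198.51.100.7", "dave", "bad_password"),
    ("2024-05-01T03:00:27", "198.51.100.7", "erin", "bad_password"),
    ("2024-05-01T08:30:00", "203.0.113.20", "bob", "bad_password"),  # lone typo
]
WIFI = [  # (time, user, device MAC) RADIUS accepts; Wi-Fi needs only a password
    ("2024-04-20T09:00:00", "carol", "aa:aa:aa:00:00:01"),
    ("2024-05-02T08:55:00", "carol", "aa:aa:aa:00:00:01"),
    ("2024-05-02T09:01:00", "alice", "aa:aa:aa:00:00:02"),
    ("2024-05-02T22:14:00", "carol", "de:ad:be:00:00:99"),
]

def spray_sources(portal, min_users=4, window=timedelta(minutes=30)):
    """Source IPs that tried at least min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for when, ip, user, _ in portal:
        by_ip[ip].append((datetime.fromisoformat(when), user))
    sources = set()
    for ip, attempts in by_ip.items():
        for start, _ in attempts:
            users = {u for t, u in attempts if start <= t <= start + window}
            if len(users) >= min_users:
                sources.add(ip)
                break
    return sources

def exposed_credentials(portal, sources):
    """Accounts whose password a spray source got right before MFA stopped it."""
    exposed = {}
    for when, ip, user, result in sorted(portal):
        if ip in sources and result == "mfa_not_completed":
            exposed.setdefault(user, datetime.fromisoformat(when))
    return exposed

def suspicious_wifi_logins(portal, wifi):
    """Wi-Fi accepts for exposed accounts, after exposure, from a never-seen device."""
    exposed = exposed_credentials(portal, spray_sources(portal))
    known, hits = defaultdict(set), []
    for when, user, mac in sorted(wifi):
        after = user in exposed and datetime.fromisoformat(when) > exposed[user]
        if after and mac not in known[user]:
            hits.append((user, mac, when))
        known[user].add(mac)
    return hits
```

An account flagged by `exposed_credentials` warrants a password reset even when no Wi-Fi hit follows, since the same password is accepted by any service that does not enforce MFA.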
The Bigger Picture
Both Operation Undercut and the nearest neighbor attack highlight the evolving tactics used by Russian actors to achieve their geopolitical goals. From AI-powered disinformation campaigns to sophisticated cyberattacks, these efforts aim to destabilize Western nations, undermine democratic processes, and weaken support for Ukraine.
As these threats continue to grow, experts stress the importance of vigilance and robust cybersecurity measures. Multi-factor authentication, for example, could have prevented the nearest neighbor attack by adding an extra layer of security to the compromised Wi-Fi network.
Meanwhile, combating disinformation requires a multi-pronged approach, including media literacy education, fact-checking initiatives, and international cooperation to hold bad actors accountable. As the 2024 U.S. elections approach, the stakes have never been higher.
Originally Written by: The Hacker News