{"id":609796,"date":"2024-02-22T21:42:55","date_gmt":"2024-02-22T18:42:55","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/new-russian-psyops-mix-disinformation-spam-and-navalny\/"},"modified":"2024-02-22T21:42:55","modified_gmt":"2024-02-22T18:42:55","slug":"new-russian-psyops-mix-disinformation-spam-and-navalny","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/new-russian-psyops-mix-disinformation-spam-and-navalny\/","title":{"rendered":"#New Russian PSYOPs mix disinformation, spam, and Navalny"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a34057b55bab\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a34057b55bab\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/new-russian-psyops-mix-disinformation-spam-and-navalny\/#Real_dissidents_and_fake_pharmacies\" >Real dissidents and fake pharmacies<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/new-russian-psyops-mix-disinformation-spam-and-navalny\/#Detecting_PSYOPs\" >Detecting PSYOPs<\/a><\/li><\/ul><\/nav><\/div>\n<div id=\"article-main-content\">\n                            <span style=\"font-weight: 400;\">Researchers have discovered a Russia-aligned <\/span><span style=\"font-weight: 400;\">PSYOPs campaign with a curious mix of espionage, disinformation, and Canadian pharmacy spam. It also has links to Alexi Navalny, the Kremlin critic who died last week in an Arctic penal colony.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The <span>PSYOPs \u2014 a military term for \u201cpsychological operations\u201d \u2014 were<\/span>\u00a0unearthed by analysts at ESET, a cybersecurity firm headquartered in Slovakia. They named the campaign \u201cOperation Texonto.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The operation disseminated war-related disinformation to Ukrainians via spam emails. Through two waves of messages, the PSYOPs spread fears about <\/span><span style=\"font-weight: 400;\">shortages of food, medicines, and heating supplies \u2014 typical <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">theme<\/a>s of Russian propaganda.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Alongside the disinformation, ESET detected a recent spear-phishing campaign that targeted a Ukrainian company and an EU agency. It aimed to steal credentials for Microsoft Office 365 accounts.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Due to similarities in their network infrastructure, ESET is confident that the PSYOPs and phishing are connected.\u00a0<\/span><\/p>\n<div class=\"inarticle-wrapper latest channel-cta hs-embed-tnw\">\n<div id=\"hs-embed-tnw\" class=\"channel-cta-wrapper\">\n<div class=\"channel-cta-img\"><img decoding=\"async\" class=\"js-lazy\" src=\"https:\/\/s3.amazonaws.com\/events.tnw\/hardfork-2018\/uploads\/visuals\/tnw-newsletter.png\"\/><\/div>\n<p><noscript><img decoding=\"async\" src=\"https:\/\/s3.amazonaws.com\/events.tnw\/hardfork-2018\/uploads\/visuals\/tnw-newsletter.png\"\/><\/noscript><\/p>\n<div class=\"channel-cta-input\">\n<p class=\"channel-cta-title\">The &lt;3 of EU tech<\/p>\n<p class=\"channel-cta-tagline\">The latest rumblings from the EU tech scene, a story from our wise ol&#8217; founder Boris, and some questionable AI art. It&#8217;s free, every week, in your inbox. Sign up now!<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><span style=\"font-weight: 400;\">Matthieu Faou, Senior Malware Researcher at ESET, said the company\u2019s customers had sparked the hunt for Operation Texonoto.\u00a0<\/span><\/p>\n<p>\u201cESET has a significant user base in Ukraine and as such, our research team dedicates a lot of its time to track Russia-aligned groups,\u201d Faou told TNW via email.<\/p>\n<p>\u201cWe first uncovered a spear-phishing\u00a0campaign and then pivoted on the artefacts, which led to the discovery of the two PSYOPs.\u201d<\/p>\n<p><span style=\"font-weight: 400;\">It also led to that<\/span><span style=\"font-weight: 400;\"> connection with Navalny.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Real_dissidents_and_fake_pharmacies\"><\/span>Real dissidents and fake pharmacies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Operation Texonto used domain names related to Navalny. These included the following:<\/span><\/p>\n<ul type=\"disc\">\n<li class=\"m_4392416570113891028MsoListParagraphCxSpFirst\"><i>navalny-votes[.]net<u\/><u\/><\/i><\/li>\n<li class=\"m_4392416570113891028MsoListParagraphCxSpMiddle\"><i><span lang=\"NL\">navalny-votesmart[.]net<u\/><u\/><\/span><\/i><\/li>\n<li class=\"m_4392416570113891028MsoListParagraphCxSpLast\"><i><span lang=\"NL\">navalny-voting[.]net<u\/><u\/><\/span><\/i><\/li>\n<\/ul>\n<p>These domains suggest that the campaign had another objective. The researchers suspect it deployed spearphishing or information operations against Russian dissidents and Navalny supporters.<\/p>\n<p>Another link was made to fake Canadian pharmacies, which have been popular with<span style=\"font-weight: 400;\">\u00a0Russian cybercriminals for <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2011\/02\/spamit-glavmed-pharmacy-networks-exposed\/\">decades<\/a>. In 2004, \u201cCanadian <span>Pharmacy\u201d <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.networkworld.com\/article\/785024\/security-experts-link-flood-of-canadian-pharmacy-spam-to-russian-botnet-criminals.html\">was named<\/a> \u201cthe world\u2019s currently most voluminous spam generator.\u201d<\/span><\/span><\/p>\n<p><span style=\"font-weight: 400;\">One of the servers used to send the spam emails was later reused to send typical Canadian pharmacy spam.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">ESET surmised that the campaign operators had realised they had been detected. Consequently, they may have tried to monetise the burnt infrastructure for personal profit.<\/span><span style=\"font-weight: 400;\"\/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Detecting_PSYOPs\"><\/span>Detecting PSYOPs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In the disinformation campaign, the first wave of emails was sent in November 2023. They <\/span><span style=\"font-weight: 400;\">targeted Ukrainian politicians, energy companies, and citizens. ESET estimates that the messages had \u201cat least a few hundred\u201d recipients.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Rather than spread malicious links or malware,\u00a0the messages sought to fracture support for Ukraine\u2019s resistance.<\/span><\/p>\n<p>One sender masquerading as the Ukrainian government advised citizens to replace drugs with \u201cfolk methods\u201d using plants. Another email, allegedly from the Ministry of Agriculture, recommended eating \u201cpigeon risotto.\u201d<\/p>\n<p><span style=\"font-weight: 400;\">The second wave of emails targeted both Ukrainian citizens and residents of other European countries. All of them, however, were written in Ukrainian.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">They featured darker messaging. One email suggested that recipients amputate a limb to avoid military deployment.<\/span><\/p>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404194 js-lazy\" alt=\"A PDF attached to one of the disinformation emails that suggested eating \" pigeon=\"\" risotto.=\"\" width=\"1310\" height=\"890\" sizes=\"auto, (max-width: 1310px) 100vw, 1310px\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png 1310w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-280x190.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-199x135.png 199w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-397x270.png 397w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-796x541.png 796w\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Fdata-security%2F2024%2F02%2F22%2Fnew-russian-psyops-mix-disinformation-spam-and-navalny%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients.\" data-title=\"Share A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>A PDF attached to one email included a photo of a living pigeon alongside a cooked one. ESET said the image aimed to rile recipients.<\/figcaption><noscript><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-1404194\" src=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png\" alt=\"A PDF attached to one of the disinformation emails that suggested eating \" pigeon=\"\" risotto.=\"\" width=\"1310\" height=\"890\" srcset=\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20.png 1310w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-280x190.png 280w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-199x135.png 199w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-397x270.png 397w, https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Screenshot-2024-02-22-at-16.46.20-796x541.png 796w\"\/><\/noscript><\/figure>\n<p>The PSYOPs campaign joins the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Firehose_of_falsehood\">\u201cfirehouse of falsehood\u201d<\/a> that has targeted Ukraine since Russia\u2019s full-scale invasion.<\/p>\n<p>To tackle such disinformation, ESET recommends a mix of smart email filtering,\u00a0education, and double-checking.<\/p>\n<p>\u201cAdditionally, using trusted fact-checking services can help individuals and organisations verify the validity of contentious information,\u201d Jake Moore, Global Cybersecurity Advisor at ESET, told TNW.<\/p>\n<p>\u201cLastly, if you spot a dodgy source of disinformation, it can help reduce the spread by notifying the email service provider by placing it in the spam folder.\u201d\n                        <\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/new-russian-psyops-mix-disinformation-spam-and-navalny\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered a Russia-aligned PSYOPs campaign with a curious mix of espionage, disinformation, and Canadian pharmacy spam. It also has links to Alexi Navalny, the Kremlin critic who died last week in an Arctic penal colony. The PSYOPs \u2014 a military term for \u201cpsychological operations\u201d \u2014 were\u00a0unearthed by analysts at ESET, a cybersecurity firm&#8230;<\/p>\n","protected":false},"author":1,"featured_media":609797,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw-blurple?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2024\/02\/Untitled-design-4.jpg&signature=50b0139013d4bd775cd6e4b780d5d0f6","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-609796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/609796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=609796"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/609796\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/609797"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=609796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=609796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=609796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}