The Moscow-based company, which was sanctioned by the US earlier this year, has been involved in separate influence operations aimed at turning public opinion against Ukraine and stripping it of Western support since at least December 2023.
The covert campaign, conducted by the Social Design Agency (SDA), used videos enhanced with artificial intelligence (AI) and fake websites masquerading as trusted news sources to target audiences in Ukraine, Europe, and the United States. It has been dubbed “Operation Undercut” by Recorded Future’s Insikt Group.
“This operation is being carried out in parallel with other campaigns such as Doppelgänger and aims to discredit Ukraine’s leadership, question the effectiveness of Western aid, and inflame socio-political tensions,” the cybersecurity company said.
“The campaign also seeks to deepen divisions by shaping the narrative around the 2024 US election and geopolitical conflicts such as the Israel-Gaza situation.”
The Social Design Agency has previously been linked to Doppelgänger, which uses a network of social media accounts and inauthentic news sites to sway public opinion. The company and its founders were sanctioned by the United States in early March, along with another Russian company known as Structura.
Operation Undercut shares infrastructure with both Doppelgänger and Operation Overlord (also known as Matryoshka and Storm-1679). Operation Overlord is a Russian-aligned influence campaign that uses a combination of fake news sites, false fact-checking resources, and AI-generated voices to undermine the 2024 French elections, the Paris Olympics, and the U.S. presidential election.
The latest campaign is no different, exploiting users’ trust in well-known media brands and leveraging AI-powered videos and images that mimic those media sources to make the content appear more credible. No fewer than 500 accounts across various social media platforms, including 9gag and America’s Best Photos and Videos, have been used to amplify the content.
Additionally, the operation was found to be promoting CopyCop (also known as Storm-1516) content using trending hashtags in targeted countries and languages in order to reach a wider audience.
“Operation Undercut is part of Russia’s broader strategy to destabilize Western alliances and portray Ukraine’s leadership as incompetent and corrupt,” Recorded Future said. “SDA aims to amplify anti-Ukrainian sentiment by targeting European and American audiences and reduce the flow of military aid to Ukraine from the West.”
APT28 carries out nearest neighbor attack
The disclosure comes after the Russia-linked APT28 (also known as GruesomeLarch) threat actor was observed infiltrating a U.S. business in early February 2022 using an unusual technique known as a nearest neighbor attack, which depends on getting within Wi-Fi range of the target.
The ultimate goal of the attack on this unnamed organization, which took place just before Russia’s invasion of Ukraine, was to collect data from individuals with projects or expertise actively involving that country.
“GruesomeLarch was ultimately able to infiltrate the (organization’s) network by connecting to the corporate Wi-Fi network,” Volexity said. “The attackers accomplished this by daisy-chaining approaches that compromised multiple organizations in close proximity to their intended targets.”
This was reportedly achieved by running a password spray attack against public-facing services on the corporate network to obtain valid wireless credentials, and then exploiting the fact that multi-factor authentication was not required to connect to the corporate Wi-Fi network.
According to Volexity, the strategy involved infiltrating a second organization across the street from the target, moving laterally within that organization’s network, and then using the previously acquired credentials to finally connect to the target company’s Wi-Fi network, all while the attackers operated from thousands of miles away.
Sean Koessel, Steven Adair, and Tom Lancaster said, “Because we required the use of multi-factor authentication for all internet-facing resources, a compromise of these credentials alone would not provide access to a customer’s environment. However, the Wi-Fi network was not protected by MFA, meaning the only requirements to connect were proximity to the target network and valid credentials.”
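The two-stage pattern described above, a low-and-slow password spray against public-facing services followed later by a successful Wi-Fi login using one of the sprayed accounts, is something a defender can look for in authentication logs. The following Python script is an added illustration of that detection logic; it is not Volexity’s tooling or data. The single-line log format, the field names (svc, user, src) and the sample log lines are all constructed for this example.

```python
"""Detect a password spray on internet-facing services and flag any later
Wi-Fi login by an account that the spray touched.

Constructed example for illustration; the log format below is hypothetical.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one authentication attempt per line.
# 203.0.113.7 tries five accounts once each (spray) and hits a valid password
# for 'frank'; MFA stops the VPN login, but the next day 'frank' authenticates
# to Wi-Fi, which (as in the article) has no MFA.  198.51.100.9 is a user
# mistyping one password six times, which is not a spray.
SAMPLE_LOG = [
    "2022-02-01 09:00:01 REJECT svc=vpn user=alice src=203.0.113.7",
    "2022-02-01 09:00:04 REJECT svc=vpn user=bob src=203.0.113.7",
    "2022-02-01 09:00:09 REJECT svc=vpn user=carol src=203.0.113.7",
    "2022-02-01 09:00:15 REJECT svc=vpn user=dave src=203.0.113.7",
    "2022-02-01 09:00:20 REJECT svc=vpn user=erin src=203.0.113.7",
    "2022-02-01 09:00:25 ACCEPT svc=vpn user=frank src=203.0.113.7",
    "2022-02-01 09:00:30 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-01 09:00:35 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-01 09:00:40 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-01 09:00:45 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-01 09:00:50 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-01 09:00:55 REJECT svc=vpn user=alice src=198.51.100.9",
    "2022-02-02 14:12:03 ACCEPT svc=wifi user=frank src=aa:bb:cc:dd:ee:01",
    "2022-02-02 14:30:00 ACCEPT svc=wifi user=grace src=aa:bb:cc:dd:ee:02",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<result>ACCEPT|REJECT) "
    r"svc=(?P<svc>\S+) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def parse_events(lines):
    """Parse log lines into dicts sorted by timestamp; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(rec)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {src: {"users": set, "last": ts}} for sources that, inside a sliding
    window, fail against many distinct accounts with few attempts each.  That is the
    spray signature; many failures against one account (brute force) is not flagged."""
    by_src = defaultdict(list)
    for e in events:
        if e["svc"] != "wifi":            # only internet-facing services here
            by_src[e["src"]].append(e)
    sprays = {}
    for src, evs in by_src.items():
        for i, anchor in enumerate(evs):
            recent = [e for e in evs[: i + 1] if e["ts"] >= anchor["ts"] - window]
            fails = defaultdict(int)
            for e in recent:
                if e["result"] == "REJECT":
                    fails[e["user"]] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                entry = sprays.setdefault(src, {"users": set(), "last": anchor["ts"]})
                # every account the source touched in the window counts as targeted,
                # including the one where it got an ACCEPT
                entry["users"].update(e["user"] for e in recent)
                entry["last"] = max(entry["last"], anchor["ts"])
    return sprays


def wifi_logins_after_spray(events, sprays, lookback=timedelta(days=7)):
    """Successful Wi-Fi logins, within `lookback` after a spray, for accounts that
    spray targeted.  The spray was blocked by MFA on the VPN, but a Wi-Fi network
    without MFA lets the same credential be reused."""
    targeted = defaultdict(dict)  # user -> {src: last spray ts}
    for src, info in sprays.items():
        for u in info["users"]:
            targeted[u][src] = info["last"]
    hits = []
    for e in events:
        if e["svc"] != "wifi" or e["result"] != "ACCEPT" or e["user"] not in targeted:
            continue
        sources = [s for s, t in targeted[e["user"]].items() if timedelta(0) <= e["ts"] - t <= lookback]
        if sources:
            hits.append((e["ts"], e["user"], e["src"], sorted(sources)))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    sprays = detect_spray(evs)
    for src, info in sprays.items():
        print(f"spray from {src}: {sorted(info['users'])}")
    for ts, user, src, sources in wifi_logins_after_spray(evs, sprays):
        print(f"{ts} Wi-Fi ACCEPT for sprayed account {user} from {src} (spray sources: {sources})")
```

The thresholds (five distinct accounts, at most two failures per account, in 30 minutes) are placeholders to tune against real volumes; the point is the shape of the two rules, which together encode the article’s finding that the Wi-Fi network was the one authentication path the MFA policy did not cover.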