exclusive
Pro-Russian hackers are said to have attempted to demoralize Ukrainians in Europe with a campaign. According to information from an IT security company, the hackers also used domains related to Navalny.
Last fall, pro-Russian hackers deliberately sent hundreds of deceptively real-looking emails that appeared to come from Ukrainian authorities.
The PDF documents attached to the emails claimed to prepare the population for upcoming shortages of food and energy supplies. The practical survival tips called for eating nettles and pigeons and the images were intended to convey disgust and despair.
In another wave of disinformation, Ukrainian citizens at home and abroad were emailed New Year’s greetings, accompanied by advice to make themselves unfit for military service by amputating limbs, “a few minutes of pain for a carefree life,” according to the text.
This was discovered by cyber specialists from the Bratislava-based IT security company ESET. The aim of the emails was to demoralize the Ukrainian population at home and in the EU and to stir up anger against the Ukrainian government. This emerges from a report that… SWR available in advance. ESET has summarized the actions of the still unknown group under the name “Operation Texonto”.
Russian dissidents and supporters of Navalny as targets
According to ESET, some email servers that the hackers used to send disinformation and spam messages gave the impression that they came from Kremlin critics, such as those close to the recently deceased Alexei Navalny. “This means that ‘Operation Texonto’ likely involves spear phishing or other operations targeting Russian dissidents and supporters of the late opposition leader,” an ESET spokesperson tells the SWR.
The domain names used include word combinations such as: “navalny-votes”, “navalny-votesmart” and “navalny-voting”. In spear phishing, an email that is specifically tailored to the target person entices the victim to click on a specific seemingly legitimate link, along with a request to provide the attacker with trustworthy information, such as log-in details or passwords.
Intersection of disinformation and hacking
ESET researcher Matthieu Faou explains in an interview with SWR, how he got on the trail of the hackers: “We initially uncovered a spear phishing campaign.” Between October and November 2023, the hackers tried to obtain login details for Microsoft Office 365 using fake emails from IT support.
When Faou and his ESET team investigated this more closely, they discovered the two so-called PSYOPs. This form of psychological warfare represents another form of cyber warfare. It is the digital development of propaganda leaflets and other means of demoralization.
BSI confirmed Disinformation campaign
The Federal Office for Information Security (BSI) confirms this upon request SWRto have knowledge of the campaign described by ESET. “The BSI assigns these and similar emails to the disinformation category.” The BSI does not know who received the corresponding emails in Germany. “The BSI is also observing that the overlap between disinformation and hacking is increasing worldwide,” says a spokesman for the BSI.
Sandro Gaycken, the founder of Monarch, a company specializing in counterintelligence and disinformation, sees a continuity in Russia’s disinformation since the beginning of the war. “Aimed at Ukrainians, they mostly serve to spread pro-Russian propaganda, to confuse and intimidate,” he tells the newspaper SWR.
“If third parties are the goal, it’s more about discrediting Ukraine in order to weaken international support. This has already worked very well in some countries in Africa and Latin America.” For Gaycken, the main challenge is that these operations are risk-free and cheap. “That’s why they tend to be widely used,” says Gaycken.
Attacks on European Union facilities
According to ESET, the target of the spear phishing attacks of “Operation Texonto” was the login data of high-ranking employees of a Ukrainian defense company and also those of an EU agency. CERT-EU, the cybersecurity service for European Union institutions, analyzed 177 such attacks on EU institutions or their surroundings in 2023 alone. Based on information from reliable sources, the Russian Federation was one of the countries with which threat actors were most frequently contacted were connected.
When asked about the specific spear phishing attack that ESET researchers analyzed, a spokesman for the European Commission explained that they could not comment on specific incidents against the institutions, bodies, offices and agencies of the European Union. “We are aware, however, that the Union’s institutions, by virtue of their mission and nature, are attractive targets for cyber threat actors.”
IT infrastructure shut down
The IT infrastructure used as part of “Operation Texonto” was last used in January and, according to ESET, has now been switched off, but further PSYOPs are expected in the coming months, which could be aimed at Western countries. “They could try to divide the population over aid to Ukraine,” says ESET researcher Matthieu Faou.
In order to protect yourself against such disinformation and spear phishing emails, the BSI refers to the basic recommendations when receiving emails: check senders, question and verify sources, and train general media skills.