Today, the U.S. Justice Department said the FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year’s presidential election.
According to court documents, Doppelgänger is believed to be linked to Russian companies Social Design Agency (SDA), Structura National Technology (Structura), and ANO Dialog controlled by the Russian Presidential Administration (i.e., the First Deputy Chief of Staff of the Presidential Executive Office Sergei Vladilenovich Kiriyenko).
Doppelgänger operatives used the domains (all controlled with the Vesta open source hosting control panel) to spread Russian government propaganda that aimed to promote pro-Russian policies and interests, including reducing international support for Ukraine and influencing voters in U.S. and foreign elections in Germany, Mexico, and Israel, among others.
“At Putin’s direction, Russian companies SDA, Structura, and ANO Dialog used cybersquatting, fabricated influencers, and fake profiles to covertly promote AI-generated false narratives on social media,” said Deputy Attorney General Lisa Monaco.
“Those narratives targeted specific American demographics and regions in a calculated effort to subvert our election.”
The complete list of domains used by Doppelgänger for spreading disinformation that the FBI has seized includes:
ribunalukraine.info, rrn.media, ukrlm.info, faz.ltd, spiegel.agency, lemonde.ltd, leparisien.ltd, rbk.media, 50statesoflie.media, meisterurian.io, artichoc.io, vip-news.org, acrosstheline.press, mypride.press, truthgate.us, warfareinsider.us, shadowwatch.us, pravda-ua.com, waronfakes.com, holylandherald.com, levinaigre.net, grenzezank.com, lexomnium.com, uschina.online, honeymoney.press, sueddeutsche.co, tagesspiegel.co, bild.work, fox-news.top, fox-news.in, forward.pw, and washingtonpost.pm.
Doppelgänger frequently used “cybersquatted” domains crafted to mimic legitimate websites (such as registering washingtonpost.pm to resemble washingtonpost.com and spiegel.agency to impersonate spiegel.de) to spread Russian government messaging falsely portrayed as content from reputable news organizations.
The group sometimes also created its own media brands, like Recent Reliable News, to further disseminate disinformation content.
To increase traffic to these sites, Doppelgänger employed various strategies, including using “influencers,” running paid social media ads (occasionally generated with artificial intelligence), and creating social media profiles that impersonated U.S. or non-Russian citizens.
These profiles were used to post comments with links to the cybersquatting domains, aiming to mislead viewers into thinking they were being redirected to legitimate news media websites.
The Department of Justice also indicted Russian nationals Konstantin Kalashnikov and Elena Afanasyeva, a Digital Media Projects Manager and an employee of RT (formerly Russia Today), a Russian state-controlled media outlet, for orchestrating a $10 million scheme that created and distributed pro-Russia propaganda and disinformation to U.S. audiences.
They published almost 2,000 videos on YouTube that were viewed more than 16 million times through a Tennessee-based proxy online content creation company. The videos were also posted on social media, including TikTok, Instagram, and X (formerly Twitter.
Kalashnikov, Afanasyeva, and eight other RT executives, including Editor-in-Chief Margarita Simonovna Simonyan, as well as a hacking group known as “Russian Angry Hackers Did It” (aka RaHDit) with RT and Russian intelligence services ties, were also sanctioned today by the Treasury’s Office of Foreign Assets Control (OFAC).
“RT, formerly Russia Today, is a Russian state-funded news outlet that began broadcasting internationally in 2005. In 2017, RT registered as an agent of a foreign government in the United States,” OFAC said.
“Beginning in early 2024, RT executives began an effort to covertly recruit unwitting American influencers. RT used a front company to disguise its own involvement or the involvement of the Russian government.”
In August, the U.S. government also warned of increased efforts from Iranian hackers to influence the 2024 presidential election through cyber operations targeting both Presidential campaigns and the American public.
The FBI recently assured the American public that disruptive activity targeting voting infrastructure, such as distributed denial-of-service (DDoS) or ransomware attacks, will not impact the integrity or security of the 2024 U.S. general election processes.