
Russia Uses AI, Evasion Tactics in Disinformation Drive

Ukraine, US and Germany Are Targets of a Doppelganger Influence Operation

A Russia-linked disinformation campaign known as Doppelgänger is employing advanced obfuscation techniques and likely deploying artificial intelligence to generate content, said security researchers.

Called "the largest and most aggressively persistent covert influence operation" since 2017 by Facebook, Doppelgänger became active in the months following the Kremlin's February 2022 invasion of Ukraine. Its name comes from a campaign exposed last year by nonprofit EU DisinfoLab in which it used typosquatted domains to impersonate mainstream European media outlets. The European Union in July sanctioned two IT companies behind Doppelgänger.

Recorded Future researchers said Doppelgänger evades attempts to clamp down on its infrastructure through heavy use of web redirects - using one set of websites to generate metadata such as a thumbnail image and title for social media posts but directing the link onto a second website, often hosted on bulletproof providers based in Russia. Among the evidence Recorded Future used to attribute the disinformation sites to Doppelgänger was the group's repeated use of the same Russian hosting provider. Doppelgänger also likes to use Keitaro Traffic Distribution System, an analytics platform used for advertising that EU DisinfoLab earlier saw Doppelgänger use.
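A defender-side check for the staging pattern described above, as an added example that is not code from Recorded Future or this article: it parses a fetched first-stage page, collects the Open Graph preview tags, and flags the page when it also forwards the visitor to a different host. The use of a meta-refresh tag as the redirect mechanism, the function name and the `.example` domains are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Constructed sample input (not real campaign data): a page that carries
# social-media preview metadata and immediately forwards to another host.
SAMPLE_STAGE_URL = "https://first-stage.example/a1"
SAMPLE_STAGE_HTML = """<html><head>
<meta property="og:title" content="Constructed headline">
<meta property="og:image" content="https://first-stage.example/thumb.jpg">
<meta http-equiv="refresh" content="0; url=https://landing.example/story">
</head><body></body></html>"""


class StageParser(HTMLParser):
    """Collects Open Graph preview tags and any meta-refresh target."""

    def __init__(self):
        super().__init__()
        self.preview = {}
        self.refresh_target = None

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        prop = a.get("property", "").lower()
        if prop in ("og:title", "og:image"):
            self.preview[prop] = a.get("content", "")
        if a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.refresh_target = m.group(1).strip()


def inspect_first_stage(page_url, html):
    """Flag pages that supply preview metadata but redirect off-host."""
    parser = StageParser()
    parser.feed(html)
    target = urljoin(page_url, parser.refresh_target) if parser.refresh_target else None
    src_host = urlparse(page_url).hostname
    dst_host = urlparse(target).hostname if target else None
    # Simplification: exact host comparison, not registered-domain comparison.
    suspicious = bool(parser.preview) and dst_host is not None and dst_host != src_host
    return {"preview": parser.preview, "redirect_target": target, "suspicious": suspicious}
```

A hit is a triage signal only: legitimate link shorteners and ad trackers also redirect off-host, so results need to be correlated with hosting and account data before drawing conclusions.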

Doppelgänger began impersonating reputable Ukrainian news organizations in November in a campaign that deployed more than 800 social media accounts to promote links to the disinformation. "This influence campaign almost certainly targets Ukrainian audiences with malign narratives seeking to undermine Ukrainian morale and public resolve and cast doubt on Ukraine's military capabilities, political stability, and international alliances," Recorded Future said.

In campaigns targeting audiences in the United States and Germany, Doppelgänger tried something new: creating inauthentic news outlets that do not masquerade as a mainstream outlet. One of the outlets, Electionwatch.live, likely hosts AI-generated content. Among the tell-tale signs: copious use of transitional words such as "moreover" and "furthermore" and final paragraphs that start with "in conclusion."

Perhaps because much of the content is AI-generated, Election Watch "lacks any significant bias, possibly due to the lack of personality and opinion associated with AI authorship." Other inauthentic outlets aimed at American readers maintain a critical tone about LGBTQ+ inclusivity and the capabilities of the American military.

Doppelgänger's inauthentic German outlets, such as Besuchszweck.org, appear to stoke nationalist and anti-immigrant sentiment and propagate a narrative of German decline.

In a quarterly threat assessment released last Thursday, Meta said that it had found a new cluster of websites linked to Doppelgänger that are targeted toward U.S. and European political affairs, including migration and border security. Meta and Recorded Future named Election Watch as an example of disinformation.


About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



