SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Doppelgänger: Russia's suspected influence operation targets Germany
Wed, 28th Feb 2024

Recent research by SentinelLabs examines Doppelgänger, a suspected Russian influence operation primarily targeting German audiences. SentinelLabs and co-researcher ClearSky Cyber Security have been observing the behaviour of Doppelgänger since late November 2023, following reports from the German Ministry of Foreign Affairs and Der Spiegel on similar activities.

Doppelgänger's activities began with anti-Ukraine content amid the tensions of the Russo-Ukrainian conflict, and have since expanded to include territories such as the US, Israel, France, and especially Germany. The operators exploit current socio-economic and geopolitical topics relevant to the general populace and use these outlets to criticise Germany's ruling coalition and its support for Ukraine. The researchers think that these actions are an attempt to influence public opinion ahead of the nation's upcoming European Parliament, municipal, and federal state elections, which will culminate in the federal government elections in 2025.

As SentinelLabs spotted this activity, both the German Ministry of Foreign Affairs and Der Spiegel published independent reports, indicating a growing concern about potential election interference. Overlapping activities were reported by Recorded Future and Meta, which noted similar instances of disinformation. These reports helped fine-tune SentinelLabs' observations and its assessment that this activity is not sporadic but persistent.

At the forefront of Doppelgänger's tactics is the orchestrated operation of numerous accounts on X (formerly known as Twitter) that spread content aligning with the agenda of the Doppelgänger network, including both third-party sites and sites created by Doppelgänger itself. These accounts form a large, organised network that redirects visitors through two stages to the final 'destination' articles. These stages implement obfuscation and tracking techniques which, when coupled with observed infrastructure management, underscore Doppelgänger's determination not only to stay functional but also to keep tabs on the effectiveness of its influence operations.

SentinelLabs and ClearSky Cyber Security summarise their findings concisely: having tracked the operations of the suspected Russia-aligned influence operation network, they observed the network's efforts to disseminate content criticising the ruling coalition in Germany and its support for Ukraine. All these efforts appear to serve an overall motive of influencing public perception before the upcoming elections in Germany.

SentinelLabs' research suggests Doppelgänger represents an active tool of information warfare that strategically uses propaganda and disinformation to shape public perception, exploiting social media and present-day geopolitical and socio-cultural themes. The researchers expect this operation to continue evolving and persisting in Germany and other Western countries, and particularly anticipate an escalation before major impending elections across the EU and USA. Doppelgänger relies on an evolving use of infrastructure and obfuscation to make its activities hard to discern and dismantle. Therefore, as SentinelLabs suggests, countering influence operations needs a thorough approach to increase public awareness and media literacy, enabling people to identify and resist manipulation. This should be accompanied by swift action from social media platforms and infrastructure operators to restrict the spread of such propaganda and disinformation online.

To further the understanding of this potential threat and mitigate its impact on society, SentinelLabs will continue monitoring Doppelgänger's activities and report promptly on its operations.