The Americans accused the Russian special services of trying to misinform half of Europe


Specialists of the Insikt Group division of the American information security company Recorded Future spoke about what they called a "long-term operation with Russia" on disinformation called Operation Secondary Infektion. The Insikt Group first reported it in April 2020 and has now released new details, including a tactics, techniques and procedures (TTP) analysis.


The name Operation Secondary Infektion has something in common with Operation Infektion, an operation carried out by the GDR Ministry of State Security in the 1980s. The campaign, also known as Operation Denver, was to convince the world that HIV / AIDS was developed in a laboratory at the Fort Detrick military base in Maryland, USA. According to KGB reports, the virus "got out of control" and entered the environment. Only in 1992, after the collapse of the USSR, the then director of the Russian Foreign Intelligence Service, Yevgeny Primakov, admitted that the KGB was behind Operation Infektion.


Like Operation Infektion, the Operation Secondary Infektion campaign, launched in 2014, also relies on fake media to spread the word to local sources to get it into mainstream news.


The operators behind Secondary Infektion are showing great interest in the affairs and internal problems of the governments of the countries of the former Soviet bloc. However, the operation proved to be ineffective in spreading the "necessary" strategic information to large information platforms like Reddit due to the implemented account lockout policies, forum moderation and the community's ability to recognize attempts to spread propaganda.


The campaign used politically and socially divisive narratives prevalent in American society to advance strategic goals for populations speaking Russian, Ukrainian, and other regional languages.


Although to date, Operation Secondary Infektion has only used one-off characters to spread misinformation, researchers have identified at least two people being used more than once. One of them mimics the Anonymous branch of the hacktivist movement, while the other poses as a French-speaking Armenian blogger.


Until now, tactics, techniques and procedures of Operation Secondary Infektion still use almost exclusively static media, that is, “photoshopped” screenshots and images of forged documents. While there is currently no evidence of their use, it is possible, albeit unlikely, that those behind the operation will continue to use deepfakes, altered video, and edited audio.


According to Insikt Group, Operation Secondary Infektion is still ongoing. Although its activity began to decline after a peak in 2014-2020, researchers are confident that the operation "will almost certainly continue."

Previous Post Next Post