Search CRC

Doppelganger in Germany Author: Ari Ben Em, Florian Frank Editor: Leiv Schink Executive Summary The Doppelganger  operation represents a sophisticated Russian online influence campaign, leveraging over 700 domains to disseminate disinformation across key Western nations, particularly Germany. Through AI-generated content and complex obfuscation techniques, it aims to undermine political cohesion, especially regarding Ukraine. As a focal point in Europe, Germany's strategic importance makes it highly susceptible to such influence operations. This report delves into this persistent threat's tactics, scope, and implications, offering critical insights for understanding and countering modern disinformation warfare.

The hacktivist group Hunt3r Kill3rs recently claimed to have leaked excerpts of classified U.S. government documents , allegedly obtained through a CIA insider reportedly arrested abroad. These leaks, which remain unverified, criticize U.S. military support for Ukraine, particularly the provision of ATACMS missiles. Hunt3r Kill3rs has been linked to potential state-sponsored operations, with some reports suggesting ties to Iranian intelligence. Their activities highlight the growing intersection of hacktivism and geopolitics, raising questions about the motives and authenticity behind such operations and the vulnerabilities they may expose.

A new investigation reveals how fake videos and bots are being used to spread lies about the 2024 U.S. presidential election. With evidence pointing to tactics linked to both Russia and China, this campaign raises serious questions about the lengths some actors will go to to undermine democracy.

Author: Ari Ben Em, Florian Frank Editor: Leiv Schink This report highlights the evolving tactics of the Iranian-linked cyber group ASA (Aria Sepehr Ayandehsazan), formerly Emennet Pasargad. Operating under the IRGC, ASA conducts cyber-enabled influence operations targeting nations like the U.S. and Israel. Their activities include SMS campaigns, disinformation efforts like “Cyber Court,” and exploitation of OSINT for reconnaissance. ASA's technical arsenal includes tools like Shodan, SQLMap, and AI technologies for influence campaigns.

The IDFLeaks campaign, initiated in December 2023, exposed the personal information of over 2,200 Israeli Defense Forces (IDF) personnel, primarily targeting the Israeli Air Force. The hacktivist group Hunt3r Kill3rs, suspected of links to Iranian cyber operations, played a pivotal role in disseminating the data through Telegram and other platforms. While Hamas was initially thought to be responsible for compiling the dossiers, deeper analysis suggests that Iran provided the organizational and technical infrastructure to amplify the campaign, utilizing platforms like Eitaa, an Iranian Telegram alternative.

China’s National Computer Virus Emergency Response Center (CVERC) recently released a new report on Volt Typhoon, further asserting that U.S. government agencies are responsible for espionage and misinformation campaigns against China and other nations. This report, the third in a series, marks the first time CVERC has published such findings in multiple languages, including English, French, German, Japanese, and Chinese, signaling a push to communicate its message globally.

Author: Ari Ben Em, Florian Frank Editor: Leiv Schink This report delves into the U.S.'s failed attempts to destabilize Venezuela's Maduro regime through cyber and influence operations. Despite forming the Venezuela Task Force and deploying significant resources, inconsistencies and misaligned strategies undermined the campaign's impact. The analysis highlights key lessons from these efforts, offering insights into why value-based influence campaigns fell short in a nation grappling with severe economic and humanitarian crises.

The Glassbridge Report, released by Google’s Threat Intelligence Group in collaboration with Mandiant, analyzes a large-scale pro-China influence operation. The operation, named Glassbridge , involves several Chinese PR firms managing networks of inauthentic news sites and wire services designed to promote political messages aligned with the interests of the People's Republic of China (PRC).

Recorded Future’s report on Operation Undercut details a covert influence campaign by Russia’s Social Design Agency (SDA), active since December 2023. The campaign employs AI-generated videos, fake news platforms, and social media to disseminate disinformation. Its objectives include reducing Western support for Ukraine, undermining its leadership, and influencing public perception of significant geopolitical events such as the 2024 U.S. elections.

CrowdStrike’s recent intelligence assessment identifies LIMINAL PANDA as a cyber threat actor aligned with Chinese strategic objectives, particularly in signals intelligence (SIGINT) . The group targets industries and regions linked to China’s interests, employing specialized tools like SIGTRANslator to exploit GSM protocols. While specific indicators, such as Pinyin-based keys and infrastructure patterns, suggest a China nexus, direct attribution remains inconclusive due to overlapping techniques and tools other actors use. This report emphasizes the importance of contextual analysis in understanding attacker behavior, enabling organizations to strengthen defenses against sophisticated cyber threats.