Search CRC

The IDFLeaks campaign, initiated in December 2023, exposed the personal information of over 2,200 Israeli Defense Forces (IDF) personnel, primarily targeting the Israeli Air Force. The hacktivist group Hunt3r Kill3rs, suspected of links to Iranian cyber operations, played a pivotal role in disseminating the data through Telegram and other platforms. While Hamas was initially thought to be responsible for compiling the dossiers, deeper analysis suggests that Iran provided the organizational and technical infrastructure to amplify the campaign, utilizing platforms like Eitaa, an Iranian Telegram alternative.

China’s National Computer Virus Emergency Response Center (CVERC) recently released a new report on Volt Typhoon, further asserting that U.S. government agencies are responsible for espionage and misinformation campaigns against China and other nations. This report, the third in a series, marks the first time CVERC has published such findings in multiple languages, including English, French, German, Japanese, and Chinese, signaling a push to communicate its message globally.

Author: Ari Ben Em, Florian Frank Editor: Leiv Schink This report delves into the U.S.'s failed attempts to destabilize Venezuela's Maduro regime through cyber and influence operations. Despite forming the Venezuela Task Force and deploying significant resources, inconsistencies and misaligned strategies undermined the campaign's impact. The analysis highlights key lessons from these efforts, offering insights into why value-based influence campaigns fell short in a nation grappling with severe economic and humanitarian crises.

The Glassbridge Report, released by Google’s Threat Intelligence Group in collaboration with Mandiant, analyzes a large-scale pro-China influence operation. The operation, named Glassbridge , involves several Chinese PR firms managing networks of inauthentic news sites and wire services designed to promote political messages aligned with the interests of the People's Republic of China (PRC).

Recorded Future’s report on Operation Undercut details a covert influence campaign by Russia’s Social Design Agency (SDA), active since December 2023. The campaign employs AI-generated videos, fake news platforms, and social media to disseminate disinformation. Its objectives include reducing Western support for Ukraine, undermining its leadership, and influencing public perception of significant geopolitical events such as the 2024 U.S. elections.

CrowdStrike’s recent intelligence assessment identifies LIMINAL PANDA as a cyber threat actor aligned with Chinese strategic objectives, particularly in signals intelligence (SIGINT) . The group targets industries and regions linked to China’s interests, employing specialized tools like SIGTRANslator to exploit GSM protocols. While specific indicators, such as Pinyin-based keys and infrastructure patterns, suggest a China nexus, direct attribution remains inconclusive due to overlapping techniques and tools other actors use. This report emphasizes the importance of contextual analysis in understanding attacker behavior, enabling organizations to strengthen defenses against sophisticated cyber threats.

Correctiv, in collaboration with Qurium, has disrupted the infrastructure of Doppelganger , a Russian-linked propaganda operation. Their investigation uncovered the group’s use of advanced cloaking services  to bypass social media controls and spread disinformation via fake news sites mimicking major outlets. Evidence also connects Doppelganger to the Russian Ministry of Defense , suggesting possible state support. This case demonstrates how investigative journalism combined with action can effectively combat disinformation campaigns.

China’s Influence War on the EV Market: As economies digitize, cyber influence operations increasingly target financial systems, supply chains, and intellectual property. Emerging actors like "influence mercenaries" blur state and private aggression, as seen with China's robust response to Western tariffs on its EV market. Using state media, influencers, and bots, China counters criticism and promotes its economic dominance, showcasing the growing role of digital influence in global power dynamics.

Author: Ari Ben Em, Florian Frank Editor: Leiv Schink The recent blog report reveals how Russia, Iran, and China are actively working to influence the 2024 U.S. election. Using tactics like fake videos, anti-election messaging, and targeting local races, each country employs specific strategies to create distrust in the electoral process and deepen divisions within the U.S., aiming to impact public confidence in the nation’s democracy.

Author: Ari Ben Em, Florian Frank Editor: Leiv Schink This report examines UNC5812, a suspected Russian actor conducting hybrid cyber-espionage and influence operations against Ukrainian military recruits. Combining spyware, social engineering, and anti-mobilization propaganda, the campaign leverages platforms like Telegram to disseminate malware and anti-recruitment messaging. Through deceptive tactics and widespread amplification, the operation highlights Russia's strategic efforts to undermine Ukraine's military and societal stability.