Operation “Doppelganger”: what the FBI knows about Russia’s latest fake news assault on Ukraine
Fake Fox News and Washington Post, crypto, AI, and 2,800 influencers to cause "nuclear psychosis": meet Russia's fresh strategy to undermine support for Ukraine
The United States Federal Bureau for Investigation (FBI) has revealed details of Russia’s extensive disinformation campaign aimed at manipulating public opinion in the West.
This disinformation campaign, known as “Doppelganger” (from the German word “Doppelgänger,” which refers to a double of a living person, often in ghostly form), involved creating fake versions of major news outlets to spread pro-Russian narratives and undermine support for Ukraine.
This article summarizes key findings from court documents filed by the FBI in the eastern district of Pennsylvania, United States, where the case of this large-scale Russian disinformation campaign is being examined.
Key Points:
- Russia created a network of at least 60 fake news sites mimicking major Western media outlets, such as Reuters, Fox News, Bild, Der Spiegel, and The Washington Post, among many others.
- The campaign aimed to spread pro-Russian narratives and undermine support for Ukraine.
- Operated by Russian government officials and tech companies, the operation targeted the US, several European countries, Mexico, and Israel.
- The campaign used sophisticated methods, including AI, targeted advertising, and crypto payments to hide its origins.
Organization of the Doppelganger campaign
The FBI investigation revealed that the Doppelganger campaign was orchestrated by high-ranking Russian officials, including Sergei Kiriyenko, the First Deputy Chief of Staff of the Presidential Administration of Russia. Operating since at least May 2022, the operation was executed through organizations under his control:
- Social Design Agency (SDA);
- Structura National Technology (Structura);
- ANO Dialog.
These entities, deeply embedded within the Russian government apparatus, focused their efforts on influencing election campaigns, deploying bot networks, designing deceptive websites, and coordinating sophisticated information systems.
The FBI agent’s testimony highlighted the close ties between these organizations and various Russian government bodies, including the Ministry of Internal Affairs.
Other key figures in the operation include:
- Ilya Gambashidze: A political technologist and co-founder of Structura, Gambashidze played a pivotal role in planning and implementing the disinformation strategies. His detailed notes, obtained by investigators, provide a glimpse into the inner workings of the campaign.
- Nikolai Tupikin: Current leader of Structura, working in tandem with Gambashidze to further the Kremlin’s agenda. Both Gambashidze and Tupikin now find themselves under US sanctions for their roles in promoting Russian government interests and deceiving American citizens.
- Sofia Zakharova: An official from the Russian Department for Information and Communication Technology Development, Zakharova spearheaded the campaign in Europe and Ukraine. Her involvement highlights the direct link between the Kremlin and the disinformation machinery.
The Doppelganger campaign created over 60 counterfeit websites that closely mimicked the design and content of popular Western media outlets such as Fox News and The Washington Post. These fake sites published a mix of genuine news and skillfully crafted false stories to manipulate public opinion.
Key aspects of the operation included copying the layout, design, and branding of legitimate news sites. Furthermore, genuine links were embedded to create the illusion of authenticity. The counterfeit websites published articles under the names of real journalists with their photos and bylines.
The ”domains appear virtually identical to their legitimate media counterparts, including through the use of the same layout and design, as well as the same trademarks, logos, and slogans,” the document reads.
Thereafter, social media bots were used to spread links to the fake articles. Specific demographics were targeted, while reactions were monitored in real-time by the Russian operatives.
Divide and conquer
As the court documents show, the Doppelganger campaign extended far beyond simple news manipulation. Court documents reveal that the operation contained multiple targets and objectives:
- Targeted elections in the United States
- Aimed to leave Ukraine without international support
- Sought to demonize the current Ukrainian government
- Attempted to create conflicts between nations
- Planned to influence elections abroad
- Tried to use pro-Russian politicians to lobby for Kremlin-friendly decisions
The Doppelganger campaign was not a one-size-fits-all operation. Instead, it employed tailored strategies for different regions and demographics.
Regarding Ukraine, the primary goal was to erode international support for Kyiv and tarnish the image of its current government. By spreading doubt and misinformation, the campaign sought to isolate Ukraine on the global stage and justify Russian aggression.
With regards to the United States, the focus was on the upcoming 2024 presidential election, the operation targeted specific ethnic and religious groups, particularly Mexican and Jewish communities. This approach aimed to exploit existing social divisions and sway voter opinions.
Europe was also targeted, with the campaign spreading pro-Russian narratives across the continent, attempting to sow discord among European nations and weaken the united front against Russian aggression. Special attention was paid to Germany, France, Italy, and the United Kingdom.
Lastly, the operation also targeted Israel. Here, a unique strategy was employed to “pull Israel out of the general Western anti-Russian agenda.” This involved tailored messaging to both Israeli citizens and the global Jewish diaspora. it included detailed instructions on how Russian operatives should impersonate Jews to promote specific narratives:
One document outlined the goal with regards to Israel: ”At present, the situation in the state of Israel seems very favorable for launching a major project aimed at influencing public opinion. The goal of such influence is to rip Israel out of the general Western anti-Russian agenda and to create a sustainable public opinion which would deem neo-Nazism and dictatorship in Ukraine, rendering aid to neo-Nazis, and, therefore, the escalation of the conflict by the West and helping anti-Russian political emigration unacceptable.”
The FBI investigation unearthed a trove of information in the form of meeting notes. These documents provide a glimpse into the planning and execution of the Doppelganger campaign.
In one particular note dated 16 April 2022, Gambashidze records Kiriyenko’s instructions to create ”nuclear psychosis” in the West. In addition, as stated in the notes, the goal was to convince Europeans that the ”USA have been prepping Europe for a big war with the Russian Federation.”
As Western agencies and tech companies began to catch on to the Doppelganger campaign, the operatives adapted their tactics. An internal SDA document titled “Countermeasures by Foreign Agencies and Organizations” acknowledged that there are growing concerns among Western agencies about the effectiveness of the Russian campaign in their respective countries.
In response, SDA proposed to intensify their efforts by increasing bot activity across social media platforms to achieve a more aggressive promotion of Russian narratives through comments and posts, in addition to a goal of up to 60,000 posts monthly targeting France and Germany alone.
Perhaps just as striking is the fact that the database contains a separate list of over 1,900 ”anti-influential” individuals who published content contradicting Russian goals. This level of data collection and analysis allowed the Doppelganger operators to fine-tune their messaging and target receptive audiences with precision.
Technical aspects
One of the most technically complex aspects of the Doppelganger campaign was its domain rental scheme. The FBI investigation uncovered a sophisticated operation involving the rental of domains from American companies like Namecheap, NameSilo, and GoDaddy.
Four individuals, referred to in the investigation as Kethorn, Kamkopek, Kaspartil, and Angulet, were at the center of this scheme. They employed a variety of tactics to mask their activities:
- Use of cryptocurrency for payments;
- Multiple layers of fund transfers to obscure the money’s origin;
- Exploitation of credit cards registered to US-based agents.
A key figure in this operation, known only as “Konstantin,” claimed to be “a simple point-to-point exchanger” when questioned by US law enforcement on 7 March 2024. However, further investigation revealed that most transactions occurred during Moscow working hours. Furthermore, associated IP addresses were previously linked to cybercrime activities by the cybersecurity company Spur. This high level of technical complexity suggests that this case involved state-level support, as argued by the FBI agent.
The FBI agent said that “this layering on top of layering of VPSs and operational email addresses, like Russian nesting dolls, are indicative of a high level of technical sophistication evidencing an intentional, willful desire to conceal identities and whereabouts that is commonly associated with state-sanctioned action.”
Weaponized information in the digital age
The Doppelganger campaign reveals sophisticated methods of creating and disseminating false information, combined with targeted approaches for different regions and demographics.
More specifically, the campaign shows that the Kremlin’s conduct as part of the Doppelganger campaign aligns with its broader influence operations targeting other countries. Identifying these mechanisms, exposing them, and punishing such actions may help weaken Russia’s disinformation capabilities temporarily and force it to adapt its activities in this field, but it will not stop such efforts altogether.
However, uncovering these patterns can raise awareness among Western decision-makers and the public about the information threats emanating from Russia, enabling them to develop a more effective and comprehensive response.
In addition, analysts note that this should take into account the evolution of these tactics over time, recognizing that the promoted content often avoids direct references to the Kremlin and is shaped by analyses of public sentiment and audience sensitivities.
The testimony serves as a stark reminder of the ongoing information warfare that Russia conducts across the globe to further its own goals. Its implications reach far beyond any single election or news cycle and contain the potential for reshaping domestic politics and public trust in media institutions and democracy. Furthermore, the Doppelganger campaign serves as a wake-up call, highlighting the urgent need for a global response to the threat of weaponized information in the digital age.
”Disinformation knows no borders. All people, journalists, and policymakers should be mindful of the media they choose to inform their thoughts and actions. The battle against deception, disinformation and misinformation requires collective action, transparency, and an unwavering commitment to truth.” As noted by the US Cyber Command
Related:
- Russian hackers adopt new cyberwarfare tactics against Ukraine
- From Putin’s office to your timeline: hack exposes new Russian troll army
- Russian hackers claim responsibility for attack on Spanish defense contractor that refurbishes Leopard tanks for Ukraine
- Ukraine’s intelligence launches cyberattack on Russian war-linked resources
- Reuters: US offers $10 mln reward for info on Russian hacker for cyber attack on Ukraine and its allies