feddit.org

cross-posted from: https://feddit.org/post/3630808

Archived link

Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors.

Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum.

Following the start of the Russian-Ukrainian war, Moldova, a former Soviet republic, was granted EU candidate status in 2022. A nationwide referendum will be held on October 20, 2024, simultaneously with the presidential election, to determine whether the constitution should be amended to reflect the citizens’ desire for EU membership. Incumbent president Maia Sandu is actively campaigning for EU membership.

Check Point Research analyzed the techniques used by the threat actors, whom we track as Lying Pigeon, in their disinformation campaign in Moldova and provide an overview of their different activity clusters in other parts of Europe in the last few years.

Operation MiddleFloor is an ongoing disinformation campaign against Moldovan targets that began in early August. It uses emails as the primary distribution method instead of more common methods such as social networks or fake websites.

• While the campaign disseminates fake emails and documents, it also aims to gather information on the victims’ environments, likely to set the stage for targeted malware attacks.
• The threat actors use spoofed email accounts to disseminate content allegedly originating from European Union institutions, Moldavian ministries, or political figures.
• This campaign exploits multiple sensitive topics and fears related to the current pro-European government and Moldova’s potential EU membership. These include concerns about gas supply and fuel prices ahead of winter, LGBT, potential stringent anti-corruption measures, changes in the education system, immigration from the Middle East, and general labor market shifts across Moldova and EU countries.
• The actors behind this campaign are Russian-speaking and not fully proficient in English. Based on the Tactics, Techniques, and Procedures (TTPs), targeting, and distributed messages, Lying Pigeon appears to be aligned with Russian interests.
• Check Point Research linked Lying Pigeon to previously unattributed clusters of activity across Europe. Since early 2023, Lying Pigeon activity has been observed in several European locations related to the following themes:

cross-posted from: https://feddit.org/post/3630808

Archived link

Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors.

Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum.

Following the start of the Russian-Ukrainian war, Moldova, a former Soviet republic, was granted EU candidate status in 2022. A nationwide referendum will be held on October 20, 2024, simultaneously with the presidential election, to determine whether the constitution should be amended to reflect the citizens’ desire for EU membership. Incumbent president Maia Sandu is actively campaigning for EU membership.

Check Point Research analyzed the techniques used by the threat actors, whom we track as Lying Pigeon, in their disinformation campaign in Moldova and provide an overview of their different activity clusters in other parts of Europe in the last few years.

Operation MiddleFloor is an ongoing disinformation campaign against Moldovan targets that began in early August. It uses emails as the primary distribution method instead of more common methods such as social networks or fake websites.

• While the campaign disseminates fake emails and documents, it also aims to gather information on the victims’ environments, likely to set the stage for targeted malware attacks.
• The threat actors use spoofed email accounts to disseminate content allegedly originating from European Union institutions, Moldavian ministries, or political figures.
• This campaign exploits multiple sensitive topics and fears related to the current pro-European government and Moldova’s potential EU membership. These include concerns about gas supply and fuel prices ahead of winter, LGBT, potential stringent anti-corruption measures, changes in the education system, immigration from the Middle East, and general labor market shifts across Moldova and EU countries.
• The actors behind this campaign are Russian-speaking and not fully proficient in English. Based on the Tactics, Techniques, and Procedures (TTPs), targeting, and distributed messages, Lying Pigeon appears to be aligned with Russian interests.
• Check Point Research linked Lying Pigeon to previously unattributed clusters of activity across Europe. Since early 2023, Lying Pigeon activity has been observed in several European locations related to the following themes:

Archived link

Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors.

Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum.

Following the start of the Russian-Ukrainian war, Moldova, a former Soviet republic, was granted EU candidate status in 2022. A nationwide referendum will be held on October 20, 2024, simultaneously with the presidential election, to determine whether the constitution should be amended to reflect the citizens’ desire for EU membership. Incumbent president Maia Sandu is actively campaigning for EU membership.

Check Point Research analyzed the techniques used by the threat actors, whom we track as Lying Pigeon, in their disinformation campaign in Moldova and provide an overview of their different activity clusters in other parts of Europe in the last few years.

Operation MiddleFloor is an ongoing disinformation campaign against Moldovan targets that began in early August. It uses emails as the primary distribution method instead of more common methods such as social networks or fake websites.

• While the campaign disseminates fake emails and documents, it also aims to gather information on the victims’ environments, likely to set the stage for targeted malware attacks.
• The threat actors use spoofed email accounts to disseminate content allegedly originating from European Union institutions, Moldavian ministries, or political figures.
• This campaign exploits multiple sensitive topics and fears related to the current pro-European government and Moldova’s potential EU membership. These include concerns about gas supply and fuel prices ahead of winter, LGBT, potential stringent anti-corruption measures, changes in the education system, immigration from the Middle East, and general labor market shifts across Moldova and EU countries.
• The actors behind this campaign are Russian-speaking and not fully proficient in English. Based on the Tactics, Techniques, and Procedures (TTPs), targeting, and distributed messages, Lying Pigeon appears to be aligned with Russian interests.
• Check Point Research linked Lying Pigeon to previously unattributed clusters of activity across Europe. Since early 2023, Lying Pigeon activity has been observed in several European locations related to the following themes: