The US Treasury Department’s Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian citizens and their respective companies for engaging in cyber influence operations.
Ilya Andreevich Gambashidze (Gambashidze), founder of the Moscow company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), CEO and current owner of the Russian company Group Structura LLC (Structura), were accused of providing services to the government Russian in connection with a “foreign malign influence campaign.”
The disinformation campaign is being tracked by the wider cybersecurity community under the name Doppelganger, known for targeting audiences in Europe and the US using unauthentic news sites and social media accounts.
“SDA and Structura have been identified as key players in the campaign, responsible for delivery [the Government of the Russian Federation] with a variety of services, including the creation of websites designed to impersonate government organizations and legitimate media outlets in Europe,” the Treasury said.
Both Gambashidze and Tupikin were accused of orchestrating a campaign in the fall of 2022 that created a network of more than 60 sites designed to masquerade as legitimate news websites and fake social media accounts to spread content from those spoofed sites .
The department said the fake websites were created with the intent to mimic the look of their real counterparts, with the portals including embedded images and working links to legitimate sites and even impersonating cookie consent pages as part efforts to deceive visitors.
Additionally, a closer examination of the two cryptocurrency wallets listed by OFAC as associated with Gambashidze reveals that they received more than $200,000 in USDT on the TRON network, with a significant portion coming from the now-sanctioned Garantex exchange, Chainalysis said.
“He then cashed out the majority of his funds to a single deposit address at a traditional exchange,” the blockchain analytics firm noted. “These transactions highlight Garantix’s continued involvement in the illicit activities of the Russian government.”
Doppelganger, active since at least February 2022, was described by Meta as “the largest and most aggressively persistent Russian-born operation.”
In December 2023, Recorded Future revealed the malicious network’s attempts to leverage generative artificial intelligence (AI) to create inauthentic news articles and produce scalable influencer content.
SDA and Structura, together with Gambashidze, were also subject to sanctions imposed by the Council of the European Union from July 2023 for conducting a digital information manipulation campaign called Recent Reliable News (RRN) aimed at amplifying propaganda claiming support for Russia’s war against Ukraine.
“This campaign […] relies on fake web pages that usurp the identity of national media and government websites, as well as fake social media accounts,” the Council said at the time. “This coordinated and targeted manipulation of information is part of a larger Russia’s broad hybrid campaign against the EU and its member states”.
The development comes as the US House of Representatives unanimously passed a bill (Protecting Americans’ Data from Foreign Adversaries Act, or HR7520) that would prevent data brokers from selling Americans’ sensitive data to foreign adversaries, including including China, Russia, North Korea and other countries. Iran.
It also comes a week after Congress passed another bill (Protecting Americans from Foreign Adversary Controlled Applications Act, or HR7521) that seeks to force Chinese company ByteDance to divest popular video-sharing platform TikTok within six months, under penalty the risk of a ban, due to national rules. safety issues.