The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations.
Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of Russia-based Company Group Structura LLC (Structura), have been accused of providing services to the Russian government in connection to a "foreign malign influence campaign."
The disinformation campaign is tracked by the broader cybersecurity community under the name Doppelganger, which is known to target audiences in Europe and the U.S. using inauthentic news sites and social media accounts.
"SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of services, including the creation of websites designed to impersonate government organizations and legitimate media outlets in Europe," the Treasury said.
Both Gambashidze and Tupikin have been accused of orchestrating a campaign in the Fall of 2022 that created a network of over 60 sites designed to masquerade as legitimate news websites and fake social media accounts to disseminate the content originating from those spoofed sites.
The department said the fake websites were built with an intent to mimic the appearance of their actual counterparts, with the portals including embedded images and working links to the legitimate sites and even impersonated the cookie consent pages as part of efforts to trick visitors.
Furthermore, a closer examination of the two cryptocurrency wallets listed by OFAC as associated with Gambashidze reveals that they have received more than $200,000 worth of USDT on the TRON network, with a significant chunk originating from the now-sanctioned exchange Garantex, Chainalysis said.
"He then cashed out most of his funds to a single deposit address at a mainstream exchange," the blockchain analytics firm noted. "These transactions highlight Garantex's continued involvement in the Russian government's illicit activities."
Doppelganger, active since at least February 2022, has been described by Meta as the "largest and the most aggressively-persistent Russian-origin operation."
In December 2023, Recorded Future revealed attempts by the malignant network to leverage generative artificial intelligence (AI) to create inauthentic news articles and produce scalable influence content.
The U.S. State Department last year also accused the Russian government of financing a "well-funded disinformation campaign" across Latin America through the two companies with an aim to further the country's strategic interests in the region.
"There are coordinated efforts between Russian embassies in Latin America and state-funded media outlets to increase pro-Kremlin messaging, spread anti-U.S. narratives, and develop partnerships among Russian state media, local media outlets and radio stations, perceived pro-Moscow third-country embassies in the region, and local journalists," it said.
SDA and Structura, along with Gambashidze, have also been the subject of sanctions imposed by the Council of the European Union as of July 2023 for conducting a digital information manipulation campaign called Recent Reliable News (RRN) aimed at amplifying propaganda declaring support for Russia's war against Ukraine.
"This campaign [...] relies on fake web pages usurping the identity of national media outlets and government websites, as well as fake accounts on social media," the Council said at the time. "This coordinated and targeted information manipulation is part of a broader hybrid campaign by Russia against the E.U. and the member states."
While the latest action marks Washington's continued efforts to counter Kremlin-backed deception campaigns, the U.S. is said to have launched its own covert influence operations in 2019 on Chinese social media platforms to turn public opinion against its government through a network of bogus internet identities, Reuters reported last week.
The development comes as the U.S. House of Representatives unanimously passed a bill (Protecting Americans' Data from Foreign Adversaries Act, or H.R.7520) that would bar data brokers from selling Americans' sensitive data to foreign adversaries, counting China, Russia, North Korea, and Iran.
It also arrives a week after Congress passed another bill (Protecting Americans from Foreign Adversary Controlled Applications Act, or H.R.7521) that seeks to force Chinese company ByteDance to divest popular video sharing platform TikTok within six months, or risk facing a ban, due to national security concerns.