Cybersecurity

Report finds Russian disinformation group tied to 2016 elections still active

A report released Tuesday found evidence that a Russian disinformation group that targeted the 2016 U.S. presidential election is still active and targeting U.S. officials and other governments. 

Graphika, a group that analyzes social media, catalogued over 2,500 pieces of content that a Russian disinformation group known as “Secondary Infektion” posted on over 300 platforms, including social media giants, over the last six years.

The group was involved in the wide-ranging Russian effort to spread misinformation and sow discord in the run-up to the 2016 U.S. presidential election, and also attempted to sway elections in France and Sweden over the past three years. 

The group spread disinformation around individuals and groups regarded as enemies of Russian President Vladimir Putin, including former Secretary of State Hillary Clinton, French President Emmanuel Macron, and the World Anti-Doping Agency (WADA), which banned Russian athletes from competing in recent Olympic games due to allegations of drug use.

Secondary Infektion posted about Clinton being in the pay of the Chinese and Saudi Arabian governments, and accused WADA of being in collusion with pharmaceutical companies. 

Among the narratives spread by the group were that the U.S. was “aggressive” in interfering with other countries, that Muslims were “invaders,” that Europe was weak, that Ukraine was a failed state, and that the Russian government was “the victim of Western hypocrisy or plots.”

However, Graphika concluded that the group’s main focus was targeting divisions within countries, and that it seemed to work more in parallel than in coordination with the Russian state-backed GRU, the military intelligence unit cited as the main hacking group involved in breaching Democratic National Committee networks in 2016.

To spread the misinformation, the group made extensive use of forged documents. These include letters and social media posts supposedly from officials including U.S. Secretary of State Mike Pompeo and former White House Chief of Staff General John Kelly, along with top officials from the German, British, and Ukrainian governments.

While Secondary Infektion is linked to Russia, the identity of the individuals behind the operation is still unclear, a mystery Graphika described as the “single most pressing question to emerge from this study.”

The posts from the group were spread out across platforms ranging from Facebook and Twitter to small discussion forums in Pakistan and Australia. It used blogging forums more than the larger social media giants, and received “pushback” for many of its posts.

“Secondary Infektion’s posts were consistently low-quality, often running afoul of anti-spam rules on platforms and at times generating pushback from other users who came across their content,” Graphika wrote in the report. “It is likely that we will never identify all the articles that Secondary Infektion posted. Our hope is that the current report will provide a springboard for more researchers to make more discoveries and bring the full puzzle closer to completion.”

Both Facebook and Reddit have previously taken action against the group and removed posts, and Graphika noted that its activity has decreased significantly since the Atlantic Council partially exposed the group last year.