'Operation Undercut' Adds to Russia Malign Influence Campaigns

Just like Russia's Doppelgänger effort, the goal is to spread misinformation about Ukraine, and about Western efforts to help Ukraine in its war with Russia.

3 Min Read
The Russian flag covered by code on a laptop screen
Source: PHOTOCREO Michal Bednarek via Shutterstock

Social Design Agency (SDA,) a Russian outfit the US government recently accused of operating a malign influence campaign dubbed "Doppelgänger," is running another similar campaign concurrently, targeting audiences in the US, Ukraine, and Europe.

The primary objective of the SDA's "Operation Undercut" campaign, much like Doppelgänger, is to erode support for Ukraine in its war with Russia. However, the campaign also extends its interference to other areas, including the ongoing Middle East conflict, internal EU politics, and matters related to the 2024 US presidential election

Broad Effort

"Operation Undercut is part of Russia's broader strategy to destabilize Western alliances and portray Ukraine's leadership as ineffective and corrupt," researchers at Recorded Future's Insikt Group said this week, after analyzing the campaign. "By targeting audiences in Europe and the US, the SDA seeks to amplify anti-Ukraine sentiment, hoping to reduce the flow of Western military aid to Ukraine." The campaign also has been attempting to portray the involvement of the US and EU in the campaign as largely ineffective and misguided, the researchers said.

Recorded Future found that Operation Undercut relies on AI-enhanced videos on social media platforms like X, as well as content that impersonated legitimate media outlets. The videos — in multiple languages, including English, Russian, and German — for the most part appeared well produced and seemed related to recent news events or depicted political figures making various pronouncements.

One video purported to show Ukrainian President Zelensky talking about NATO providing the country with Israel's annual supply of arms. Another portrayed Biden as wanting to escalate the war in Ukraine before Trump takes office while avoiding negotiations with Russia, and a third showed Trump forcing Zelensky to surrender. The campaign also included content that appeared to be sourced from credible media outlets such as UK's The Times and Germany's Die Welt that suggested growing global support for Russia and doubts over Ukraine's war efforts and strategies.

Recorded Future also found members of Operation Undercut amplifying misinformation from Storm-1516, a Russian influence network associated with spreading disinformation about the 2024 US elections, among myriad other topics. Examples included a fake story about Zelensky buying a villa in Italy during a 2024 summit of international leaders and a deepfake video of a Hamas leader threatening the 2024 Olympics.

Limited Engagement

The videos and the content appeared to have very limited engagement so far among the intended audiences. However, the US government has taken a serious view of such efforts and sought to actively curb them where possible. In September, the US Department of Justice moved to seize 32 Internet domains that it identified the SDA and others using as part of the Doppelganger campaign. "Among the methods Doppelgänger used to drive viewership to the cybersquatted and unique media domains were the deployment of 'influencers' worldwide, paid social media advertisements (in some cases created using artificial intelligence tools), and the creation of fake social media profiles posing as US (or other non-Russian) citizens," the DoJ motion noted.

Clément Briens, senior threat intelligence analyst for Recorded Future's Insikt Group, attributed Operation Undercut to the SDA after finding Undercut accounts sharing cartoons strongly resembling those found in SDA-leaked documents and those uploaded by Doppelgänger websites.

"We consider Undercut to be a distinct operation from Doppelgänger due to a divergence in [tactics, techniques, and procedures], notably in the type of content and distribution tactics each operation employs," he says. "While Doppelgänger relies on inauthentic websites and their promotion by automated accounts, Undercut accounts post content directly to social media platforms, using techniques like localized hashtag spam to amplify their content to targeted audiences."

About the Author

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights