A Russia-aligned actor has launched PSYOP campaigns bombarding Ukrainians with propaganda themes, suggesting that they won’t have food, drugs, or heating. Some even propose that potential conscripts amputate a leg or arm to avoid military deployment. All this is done to erode morale, research by cybersecurity company ESET reveals.
A new disinformation and PSYOP (psychological operation) campaign by Russia-aligned actors, dubbed “Operation Texonto,” is trying to influence and demoralize Ukrainians and raise doubts in their minds.
The first wave of emails started on the 20th of November, 2023, and targeted people working in the Ukrainian government, energy companies, and other individuals. They received emails warning about various shortages.
Masquerading as the Ukrainian Ministry of Agrarian Policy and Food, hackers circulated fake “Recommendations at the time of medicine shortages” that suggested boiling two kilograms of hemp together with baking soda and condensed milk and using such a concoction for stress relief.
Propaganda also claimed that the Ukrainian government is refusing to import drugs from Russia and Belarus. ESET notes that the attached PDF document used a logo from a different institution, the Ministry of Health.
Three other spam email templates were identified to circulate lies about disruptions in the heating supply and lack of food and medicine.
While some recommendations seemed believable, others told Ukrainians they “should disregard the invaluable centuries-old experience of proven folk treatment methods” or eat the leaves of herbs as a form of salad.
One recommendation even suggested eating “pigeon risotto,” and the email even provided a photo of a living pigeon and a cooked pigeon together with a recipe.
“This shows those documents were purposely created in order to rile the readers,” ESET writes.
The second PSYOP wave in December 2023 was even more vile and targeted Ukrainian speakers ranging from the Ukrainian government to an Italian shoe manufacturer.
Attackers in one disturbing email template suggested that people amputate a leg or arm to avoid military deployment: “a couple of minutes of pain, but then a happy life!” Another email, while congratulating readers on the New Year, invited them to drive out the Satanists and revive the Kievan Rus.
ESET discovered that the same infrastructure that was used to spread propaganda was also involved in sending Canadian Pharmacy spam on January 7th, 2024.
“Fake Canadian pharmacy spam is a business historically operated by Russian cybercriminals,” ESET noted. “While we don’t know why the operators of the PSYOP campaigns decided to reuse one of their servers to send fake pharmacy spam, it is likely that they realized that their infrastructure was detected. Hence, they may have decided to try to monetize the already burnt infrastructure.”
In addition to the disinformation campaigns, attackers used the same infrastructure for a spearphishing campaign that targeted a Ukrainian defense company in October 2023 and an EU agency in November 2023. The goal of both was to steal credentials for Microsoft Office 365 accounts.
Some domains were named after Alexei Navalny, the well-known Russian opposition leader who was jailed and died on February 16th.
“This means that Operation Texonto probably includes spearphishing or information operations targeting Russian dissidents and supporters of the late opposition leader,” the ESET report reads.
New waves of PSYOPs follow other cyberwarfare and cyber-espionage operations by Russia-aligned groups such as Sandworm, which have been busy disrupting Ukrainian IT infrastructure, or Gamaredon group.
Your email address will not be published. Required fields are markedmarked