Policy

Russian-backed hackers behind disinformation campaigns intended to divide Ukraine: report

Russian-backed actors have launched numerous disinformation campaigns intended to demoralize Ukrainians and incite internal unrest, according to a report released on Thursday by cybersecurity firm Mandiant.

In one of the campaigns, referred to as “Secondary Infektion,” the actors falsely claimed that Ukrainian President Volodymyr Zelensky committed suicide in a military bunker in Kyiv because of his failure to keep his country safe.

In another campaign led by Secondary Infektion in April, the operatives said that Ukraine’s Azov regiment, a Ukrainian special operations unit within the country’s National Guard, was seeking vengeance against Zelensky for abandoning his troops in Mariupol. 

The campaigns to divide the country did not stop there. In another operation, Russian-backed operatives used Telegram, a popular social media platform, to spread disinformation including that the Ukrainian government was corrupt and incompetent, and that the country was unprepared for the war, according to the report.

They also claimed that Ukrainian oligarchs “paid Zelensky for the right to leave the country.”


Mandiant said that the disinformation campaigns it identified occurred concurrently with disruptive and destructive cyberattacks that targeted Ukrainian government websites. 

“While some of this activity is known, or already been reported on, this report captures how known actors and campaigns can be leveraged or otherwise refocused to support emerging security interests, including large-scale conflict,” Alden Wahlstrom, senior analyst at Mandiant, said in a statement. 

In another attempt to alienate Ukraine from its allies, Belarus-linked hackers known as Ghostwriter claimed that a Polish criminal gang was harvesting organs from Ukrainian refugees so it could illegally traffic them in the European Union. The operatives also claimed that “high-ranking Polish officials” were involved in the scheme. 

This is the latest report detailing the various ways Russian-backed hackers have used disinformation campaigns and cyberattacks against Ukraine.

Last month, Microsoft reported a series of cyber operations led by Russian-backed hackers. In the report, the tech company revealed that more than 200 cyberattacks were launched against Ukraine, including nearly 40 destructive ones that targeted key institutions and critical sectors.

“For years, analysts have documented that Ukraine, a key strategic interest of Russia, is a testing ground for Russian cyber threat activity that they may subsequently deploy elsewhere. Now, we witness how pro-Russia actors have leveraged the assets and campaign infrastructure developed over time (in whole or part) to target Ukraine.” Wahlstrom said.