With an ongoing land war in Ukraine, everyone needs to be alert for the Kremlin's parallel disinformation campaigns. Many people simply are not aware of the massive amount of false data that is being spread by an extensive, Russia-controlled network of media outlets, websites and social media accounts. The Russian government is spreading disinformation to at least 4 different audiences:
- The domestic Russian audience;
- Audiences inside Ukraine;
- Audiences in former Soviet republics; and
- Audiences in Western Europe and the U.S.
Clint Watts' Miburo team recently updated their Russia's Disinformation & Propaganda Ecosystem InfoGraphic and it is extensive:
The infographic links to a post that goes into considerable detail and explains which Russian services (SRV, FSB, GRU) run what sites. They said: "In recent years, a vast network of Kremlin propaganda outlets, fake social media accounts, and disinformation campaigns have been revealed to unwitting audiences in America and Europe. Western observers now increasingly ask “What’s Russia saying?,” “Is this from a troll?,” or “Are these Russian bots?”
The answer is a bit more nuanced than a simple yes or no, this or that. On any given day, Russia broadcasts many messages in many directions. Since Russia invaded Ukraine just a few days ago, Kremlin propagandists have moved far beyond the fake accounts and internet trolls of past elections to try and shape perceptions and achieve information objectives..."
The problem is that often this type of weaponized messaging gets picked up—unaware of the source—and gets forwarded or published as legit. Here is where misinformation starts doing the work for the Kremlin. Social media are by far and large the most-used platforms for this.
At the moment though, the world apparently has decided enough is enough and after years of struggling to catch up to Russian information warfare is fighting back. An early example is that YouTube and Meta are now barring Russian media outlets from monetizing.
So, what to communicate to your workforce?
Our friend Lance Spitzner at SANS said it best in his LinkedIn post: "Do not trust or rely on information from new, unknown or random social media accounts, such as posts on LinkedIn, Instagram, Facebook or Twitter. Many accounts on these sites were created for the sole purpose of putting out fake information. Instead, follow only well-known trusted news sources who verify the authenticity of information before they broadcast it. Finally, if you wish to donate to any causes in support of recent events, once again make sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities ran by cyber criminals."
Part of having your shields up and preparedness is to inoculate your employees against this type of social engineering. KnowBe4 recently released a training module called Spot And Stop the Spread of Disinformation. This module covers the red flags that show an email or social media message might be propaganda and trains the end user to apply critical thinking before they forward damaging disinformation.
At times like this, we suggest you step your users through this module as soon as possible. You can preview this 15-minute module at the KnowBe4 Modstore right now. See below.
We also recommend sending simulates phishing tests with templates we have created for this in the Current Events category pertaining to Russia/Ukraine. The template names are listed below.
- Ukraine is in crisis – please donate (Link)
- The Guardian: Russia suspended from all FIFA and UEFA competitions until further notice (Link)
- Twitter: Stay up to date on new Russia/Ukraine developments (Link)