Banner: The RT website in Russian. (Source: Reuters Connect)

On September 4, the US government announced actions taken against a large-scale effort by the Russian government to influence American citizens ahead of nationwide elections in November. The announcement delineated a shift in both Russia’s malign influence efforts and how the United States has built a broader response over time. The bottom line remains that Russian efforts to influence Americans, especially ahead of elections, are real, ongoing, and evolving.

The announcement included various legal actions taken by the Department of Justice, including the seizure of 32 internet domains used by the Russian government and Russian-sponsored actors to deceive audiences by creating counterfeit news sites and promoting those sites through fake personas and real influencers. Some of these fake personas and sites used generative artificial intelligence (GAI) to produce content at scale. The DOJ also indicted two Russian state media employees accused of directly working to launder narratives through prominent online influencers. The Treasury Department simultaneously sanctioned 10 individuals and two entities related to the influence efforts exposed, which built on sanctions released in March related to the same Russian influence effort. The State Department announced visa restrictions and rewards for additional information.

Through the 2024 US election season, the US intelligence community has released near monthly assessments through the Foreign Malign Influence Center on state threat actor activity. This approach from the US government is a marked shift in not only proactively exposing malign influence efforts, but also utilizing multiple national security levers to disrupt such efforts before elections and ensure countering malign influence by Russia, Iran, China, and other adversaries is not perceived as a partisan action. In particular, the DOJ announcements delineate specific criminal activity, as opposed to an amorphous effort to influence Americans.

This analysis focused on the 277-page affidavit provided by the DOJ, as well as open sources like media reporting and original research from civil groups, including DFRLab, on this effort dating back to 2022.

In an earlier online era prior to 2018, Russian influence focused on generating content and inauthentic engagement to make chosen narratives reach a larger audience. Each of the efforts delineated by the US government show an evolution in Russia’s approach over the last half decade. As opposed to generating inauthentic engagement with tactics like social media botnets, Russia deployed various tactics to launder chosen narratives and bait already engaged audience into authentic engagement.

Building replicas of existing media outlets, building new outlets altogether, and directly supporting influential personas has plenty of precedent in pre-internet Russian influence operations. The efforts disclosed in DOJ’s actions should be understood as traditional influence – with the potential to cross the threshold of interference – adjusted for the current information environment facilitated by online platforms.

Of note, the DOJ affidavit mentions that generative Artificial Intelligence (gAI) was used in the Russian influence effort to generate pro-Russia content for web domains masquerading as American news outlets. Generative AI could be utilized to make more culturally attuned or engageable content more quickly. On May 30, OpenAI released its first threat report on covert influence operations, which covered the Russian effort disclosed by DOJ. The company’s assessment stated, “these operations do not appear to have benefited from meaningfully increased audience engagement or reach as a result of our services.”

Each component part of the exposed influence efforts shows Russian efforts that are paradoxically evolving and ever-present.

The domains seized by DOJ were part of a long-running operation known as Doppelganger, which has been ongoing since at least 2022. According to the DOJ, some of the sites hosted by these domains impersonated legitimate media outlets, publishing Russian propaganda and narratives aimed at “reducing international support for Ukraine, bolstering pro-Russian policies and interests, and influencing voters in US and foreign elections, including the US 2024 Presidential Election.” The DOJ affidavit outlined how the campaign spoofed websites including those belonging to Fox News and The Washington Post, and used the names and photographs of legitimate journalists with the intention of deceiving readers into believing that Russian propaganda was coming from trusted news sources.

According to the DOJ, the promoted narratives were “identified by the Russian government to further the Russian government’s objectives, such as influencing the US electorate by targeting specific audiences within the United States and elsewhere.” The DOJ affidavit included as supporting evidence notes from Russian Presidential Administration meetings, including more than a dozen attended by Putin deputy Sergei Kiriyenko, discussing details of Doppelganger including the relevant narratives and involved parties.

The network also purchased advertisements on social media platforms to disseminate content from spoofed websites. The affidavit accused the perpetrators of violating US money laundering and criminal trademark laws. Individuals working on behalf of the Russian government purchased the domains, including individuals representing entities sanctioned by the US government, notably the Social Design Agency (SDA), Structura National Technology and ANO Dialog. The entities operated under the “direction and control of the Russian Presidential Administration” and Kiriyenko, according to the affidavit.

Multiple research organizations and news outlets have exposed the Russian doppelgänger effort since 2022, including Sueddeutsche Zeitung, the EU Disinfo Lab, Qurium, and the DFRLab. At the time, we uncovered more than 2,300 Doppelganger assets on Facebook and Instagram that targeted Germany, France, Italy, Ukraine, Latvia, and the UK with pro-Kremlin narratives. Meta estimated that the influence operation spent $105,000 on advertising to promote the network. Since 2022, Russia significantly increased its foreign influence operations, particularly through the tactics utilized in Doppelganger campaigns, including a recent operation that targeted the Paris 2024 Olympics with attempts to discredit France and President Emmanuel Macron.

Some of the actors and organizations involved in Doppelganger were uncovered in March 2024 by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), indicating Russia has been preparing far in advance of the elections to target US  voters with pro-Russian propaganda. In September, the OFAC announced that it would designate ten individuals and two entities as sanctioned actors “as part of a coordinated US government response to Moscow’s malign influence efforts targeting the 2024 US presidential election.” As part of this operation, Russian-sponsored actors used AI deepfakes and disinformation targeting American voters about the elections and recruited American influencers to disseminate content meant to influence US audiences.

Further details of Russian influence operations were announced on the same day in another DOJ indictment of two Russian nationals employed by RT detailing “a $10 million scheme to create and distribute content to US audiences with hidden Russian government messaging.” The individuals are accused of conspiracy to violate the Foreign Agents Registration Act and conspiracy to commit money laundering. The announcement referred to a group called “Russian Angry Hackers Did It,” led by Russian Federal Security Service officer Aleksei Garashchenko.

The two individuals are accused of working with a Tennessee-based online content creation company to create and disseminate nearly 2,000 videos on several social media platforms garnering more than 16 million views on YouTube alone. The content, some of which was promoted by influencers impersonating US citizens, included commentary on US domestic and foreign policy issues and about the war in Ukraine that aligned with the Kremlin’s agenda. Emails and Discord conversations reveal that the Tennessee-based media company referred to the client as “the Russians,” revealing some sense of who they were dealing with.

The company was not named in the affidavit but was later identified by multiple independent media outlets as Tenet Media. The company’s website describes it as “a network of heterodox commentators that focus on Western political and cultural issues.” It was founded in 2022 by conservative Canadian influencer Lauren Chen, referred to in the indictment as “Founder-1,” and her husband Liam Donovan, referenced as “Founder-2.” RT’s press team responded to the BBC’s request for comment by saying, “2016 called, and it wants its clichés back.”

Tenet Media partnered with several prominent US influencers, some of whom were told the source of funding is coming from a “Eduard Grigoriann,” who is in reality a fictional persona. US influencers who claim they were dubbed and are victims in the Russian influence operation are listed on Tenet Media’s: Benny Johnson, Dave Rubin, Lauren Southern, Tim Pool, Matt Christiansen, and Tayler Hansen. The influencers have large following on several media platforms to create and disseminate content with a cumulative 6.8 million followers on X alone.

The six content creators’ posts on social media distancing themselves from the allegations were viewed more than 11 million times demonstrating their posts and content reach.

This indictment of the two RT employees, Kostiantyn Kalashnikov and Elena Afanasyeva, highlights Russia’s ongoing efforts to utilize unwitting American influencers and media companies, and outlets to promote its propaganda. A WIRED analysis of the content revealed that certain words or phrases used in the transcripts indicated the direction and focus of the content promoted, such as the use of the words “Ukraine,” “misinformation,” “Christianity,” and “Clinton” more than 60 times. The transcripts tackled various social and political issues in the US pertaining to race, gender, sexuality, the Second Amendment, and even the potential for World War III.

On September 5, a day following the earlier indictments, the DOJ issued another, this time against a couple charged with conspiracy to violate the International Emergency Economic Powers Act (IEEPA) “by providing services to Channel One Russia, including by serving as a presenter and producer of programming, and by receiving over $1 million, a personal car and driver, a stipend for an apartment in Moscow, Russia, and a team of 10 employees from Channel One Russia following its designation by OFAC.”

That same day, the DOJ also indicted six hackers, all of whom are residents and nationals of Russia, with conspiracy to commit computer intrusion and wire fraud conspiracy. Five of the defendants were identified by the DOJ as officers in Unit 29155 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. The hackers led a cyberattack campaign known as “WhisperGate” that stole and leaked personal and medical records of Ukrainian civilians, propped for vulnerabilities computer systems in 26 NATO countries, and propped systems maintained by a US government agency in Maryland.

These indictments were not directly related to Russia efforts to influence US elections. However, the delineated ability of Russian hackers’ ability to gain access to information of civilians and government data from US the US and allies raises alarms about those capabilities deployed to target US citizens and government and electoral infrastructure as part of Russia’s overall efforts to target the US elections.

In May, Director of National Intelligence Avril Haines stated in congressional testimony, “The most significant foreign actors who engage in foreign influence activity directed at the United States in relation to our elections are Russia; are the People’s Republic of China, or PRC; and Iran. Specifically, Russia remains the most active foreign threat to our elections.”

The 2024 US election cycle has already included more pre-election steps to both provide regular disclosures and assessments of ongoing malign influence efforts matched with proactive steps to disrupt them. As an example unrelated to Russia’s efforts to target US elections, US law enforcement is currently preparing to launch criminal charges against Iranian hackers for their role in hacking and leaking internal communications from the Trump campaign.

Foreign malign influence remains a serious national security concern that goes straight to the core of American democracy. Taken together, the exposure of foreign malign influence operations provides strong evidence of Russia’s persistent, aggressive efforts to target US audiences and influence US elections. Regular exposure is a measure of resilience, but it should not be taken as measure of impact. As in 2016, substantially more and different data on public opinion would be required to measure the impact of Russian influence efforts over time.  

The repeated warnings from US government agencies and the scale of the indictments issued to date to counter Russia’s foreign influence mark a serious effort to hold the perpetrators accountable and send a strong signal to adversaries ahead of elections.

Dina Sadek and Graham Brookie, “US catches Russia red-handed attempting to manipulate the 2024 presidential election,” Digital Forensic Research Lab (DFRLab), September 17, 2024,