ESET Research recently discovered a new disinformation campaign, Operation Texonto, aiming to break the spirits of Ukrainian people close to the second anniversary of Russia’s full-scale invasion of Ukraine.
The notion that war is only physical and happens exclusively in the real world has long been disproven. Many believe that Stuxnet was the first indicator that international conflict had moved to a hybrid setting, in which digital actions could impact physical outcomes. Today we see a different digital dimension to conflicts: psychological operations that are being carried out online and aim to demoralize and break the spirit of targeted communities and, in this latest case, ultimately trying to convince participants that Russia holds the upper hand.
Operation Texonto, a new component to the already hybrid war between Russia and Ukraine – in addition to numerous DDoS attacks and cyber threats involving malware – is a PSYOP.
PSYOPs are not only confined to kinetic warzones but are also being sophisticatedly deployed to interfere in electoral processes, influence public opinion, and undermine democratic governments in countries that are not at war. They leverage new technologies to amplify their impact and reach, marking a new era in psychological warfare.
PSYOP almost three years into the war
Operation Texonto, which is the name given to the campaign by ESET Research, mostly consists of spam emails. ESET detected two different waves of this attack: the first in November 2023 and the second at the end of December 2023.
In the first wave, which seemed to be more elaborate, ESET detected a wave of emails delivered to hundreds of Ukrainians’ mailboxes (people working in government, energy companies, individuals, etc.) with a PDF attachment.
The goal of this email was to demoralize and sow doubt in the minds of Ukrainians. One of the emails suggested that there might be “heating interruptions this winter.” Another was allegedly from the Ukraine Ministry of Health, claiming that there was a shortage of medicine available. Another suggested that people eat “pigeon risotto,” giving instructions on its preparation, claiming a shortage of food in the country.
Figure 5. PDF allegedly from the Ministry of Agriculture
The aim of these was most likely to instill fear and demoralize Ukrainians in an effort to destabilize communities and the resolve of Ukrainian citizens. This campaign also shares some similarities with campaigns using social engineering; however, none of these emails included malicious links or urged people to give up their personal information. The techniques used here align with common Russian propaganda themes. They are trying to make Ukrainian people believe they won’t have enough resources and heat as a result of Russian aggression.
The second wave appeared a little less elaborate or even ill-prepared but was much darker in its messaging. The emails included disturbing messaging, with the attackers pretending to be Ukrainian citizens urging other Ukrainians to mutilate themselves to avoid military deployment. Sadly, this is a textbook wartime PSYOP campaign.
Spearphishing in the wild
In addition to the misinformation campaign, ESET Research also detected spearphishing campaigns targeting a Ukrainian defense company in October 2023 and an EU agency in November 2023. Both aimed to steal Microsoft Office 365 account credentials. These campaigns share similarities with the abovementioned PSYOPs; thus, ESET researchers believe these are connected.
ESET Reserach also revealed that the domain names used as part of Operation Texonto related to internal Russian topics, such as Alexei Navalny, a well-known Russian opposition leader. Navalny was recently declared dead while serving jail time in Russia.
Those domains include:
• navalny-votes[.]net
• navalny-votesmart[.]net
• navalny-voting[.]net
From the mentioned domains, researchers believe that it’s possible that the operation also included spearphishing or information operations targeting Russian dissidents.
A new layer of complexity to the war
The emergence of PSYOPs on the digital landscape of warfare has added a new layer to the already complex and ongoing hybrid war between Russia and Ukraine. Since the start of the Russian invasion, Russia-aligned groups, such as Sandworm, have been busy disrupting Ukrainian infrastructure using wipers. Operation Texonto is yet another use of technology to try to influence the outcome of the war. It underscores the shifting battlegrounds, from physical to psychological, aiming to demoralize and destabilize communities through disinformation campaigns.
It is crucial for nations, organizations, and individuals to stay vigilant, prioritize cybersecurity, and promote accurate information dissemination to counter such threats. As we circle back to the initial concept of PSYOPs, it’s evident that while the tactic has been in use for a long time, its modern incarnations are more sophisticated and insidious. This underscores the importance of understanding and recognizing PSYOPs as part of the broader spectrum of hybrid warfare tactics, a component that is likely to become increasingly prevalent in future conflicts.
To read more from ESET Research, head over to WeLiveSecurity.com.