Russian influence op keeps trying but struggles to win hearts and minds

Meta researchers said the influence operation known as Doppelganger continues to target European elections and Ukraine policy with little impact.
A European flag with a message saying “use your vote” at the Brussels Pride event is pictured on May 18, 2024 in Brussels. (Photo by LAURIE DIEFFEMBACQ/BELGA MAG/AFP via Getty Images)

An online influence campaign linked to Russia has shifted tactics to avoid being discovered as it continues to target upcoming elections in Europe, according to new research from Meta.

The efforts by Doppelganger, a threat group that has been linked to Russian government contractors and President Vladimir Putin, to influence online debate has been relatively unsuccessful, according to Meta’s quarterly threat report released Wednesday.

According to the company, the operation, which is one of the most prolific influence operation in history, continues to spread narratives focused on blunting Western aid to Ukraine. To do so, Meta researchers said Doppelganger’s operations continue to resemble a “smash-and-grab” effort defined by “expending a large amount of resources in the face of a very high detection rate and daily loss of assets.”

In a briefing with reporters, Mike Dvilyanski, Meta’s head of threat investigations, said increased scrutiny from governments and researchers over the past two years has led Doppelganger to switch up the core tactics it has relied on for laundering propaganda across social networks.


Most notably, the operation is no longer relying on the impersonation and spoofing of government and media websites that earned the group its moniker, at least on Meta’s range of social media apps. The group initially leaned heavily on linking to typo-squatted versions of more well-known websites, but as those domains were flagged and blocked, the group had to fall back to using redirect links with long or unrelated strings in the URL, something that made the links stand out more as obvious fakes and reducing click rates, Meta said in its report.

Dvilyanski said that since April, the group has stopped sharing typo-squatted and redirect links on Meta’s platforms altogether as the company has blocked users and infrastructure associated with the campaign. As part of the report’s release, the company is uploading a fresh batch of more than 600 threat indicators associated with the group on its GitHub repository.

“Over time, we’ve seen that forcing them to adapt as we keep on improving our defenses degrades the quality of the operation overall,” Dvilyanski said.

The research comes as experts and politicians in Europe have said they are concerned about a surge of Russian-backed disinformation ahead of European Union elections scheduled for early June. 

Ursula von der Leyen has made the topic a top campaign issue as she runs for a second term as EU president, pledging to create a “European Democracy Shield” to protect against foreign election interference. Von der Leyen is a member of the Christian Democratic Union, the German political party that was targeted in a spearphishing campaign earlier this year by Russia’s Foreign Intelligence Service (SVR).


The sheer volume and scale of Doppelganger’s influence network means social media platforms like Meta will continue to monitor the group’s activity. However, researchers emphasized that they continue to believe the level of effort observed around Doppelganger’s campaigns tends to significantly outstrip their impact on national debates.

David Agranovich, the policy director for threat disruption at Meta, told reporters that Doppelganger’s content over the past 20 months, which has largely focused on pushing narratives that undermine U.S. and Western support for Ukraine, has been unyielding but also “crude and largely ineffective at building authentic audiences on social media.”

Meta has previously flagged two Russian companies, Structura National Technologies and the Social Design Agency, as contractors behind Doppelganger working on behalf of the Russian government. Both companies have been sanctioned by the European Union and the United States, and seen their infrastructure curtailed by platforms.

But Agranovich said for-hire groups like the ones behind Doppelganger “are paid to keep trying as long as their client’s operational objectives remain,” and no amount of disruption is likely to deter them so long as Moscow continues writing checks. 

Indeed, the group often attempts to twist takedowns and exposure of their operations by researchers, governments and media into tools to bolster their image as master manipulators.


“When they get caught, we expect them to try to use their notoriety to gain attention, to try to create the perception that they’re everywhere and are having a bunch of impact,” Agranovich said. “This can both benefit their business by making the services look more effective, and it can accomplish the goal of their operation to undermine broad confidence and public discourse.”

Derek B. Johnson

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Latest Podcasts