Operation Secondary Infektion Impersonates Swedish Riksdag
Get Trending Threat Insights with Cyber Daily Subscribe Today

Operation Secondary Infektion Impersonates Swedish Riksdag, Targets European Audiences

October 26, 2021 • Insikt Group®

Russia

Insikt Group

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

The following report is an update to Insikt Group’s August 2021 publication “Operation Secondary Infektion Continues Targeting Democratic Institutions and Regional Geopolitics”, an investigation into the likely Russian state-sponsored information operation “Secondary Infektion.” This report examines a second newly discovered campaign of Operation Secondary Infektion, aimed at impersonating the Swedish Parliament (Riksdag) to promote a claim that Sweden is set to join NATO along with Ukraine. This report contains information gathered using the Recorded Future® Platform as well as several OSINT enrichment tools.

Executive Summary

Recorded Future’s Insikt Group has located an image of a photoshopped screenshot, purportedly from the website of the Swedish Riksdag (Parliament) and circulating on a Swedish-language forum website and among Ukrainian sources, claiming that Sweden and Ukraine look to join NATO as soon as possible. We believe that this is an effort to sow mistrust of Sweden’s political figures domestically, create uncertainty and false optimism among Ukrainians, and shape negative perceptions of NATO and Ukraine among Russian audiences. This campaign is highly likely an instance of the likely Russian state-sponsored information operation “Secondary Infektion”. 

Key Judgments

  • This inauthentic screenshot is highly likely to be an instance of the Russia state-sponsored information operation Secondary Infektion, based on our analysis of this campaign’s tactics, techniques, and procedures (TTPs). These include language leap, first in Swedish, then appearing in Ukrainian and Russian, through self-publishing blog websites and forums published via single-use “burner” personas with no prior histories. This campaign also attempted social media amplification as expected on Reddit but failed.
  • With each wave of articles, the first post appearing in Swedish, then Ukrainian, and most recently in Russian, the tone and presentation of the screenshot differs based on the specific European target audience. The strategy of deploying multiple narratives centered around confusion, discontent, and doubt is a hallmark of Russian state-sponsored strategic disinformation campaigns. 
  • At this time, we do not believe that this instance was successful, based much in part due to the influence actors’ continued dependence on prioritizing operational security (OPSEC) over audience building. This specific narrative is most likely dormant or abandoned as of September 2021.

Editor’s Note: This post was an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

New call-to-action

Related Posts

Magecart Groups Abuse Google Tag Manager

Magecart Groups Abuse Google Tag Manager

December 6, 2021 • Gemini Advisory

Editor’s Note: The following post is an excerpt of a full report by Gemini Advisory To read the...

Cyber Threats to Veterans in 2021: Spam and Scams Exploit Support for Veterans

Cyber Threats to Veterans in 2021: Spam and Scams Exploit Support for Veterans

November 16, 2021 • Insikt Group®

Editor’s Note: The following post is an excerpt of a full report To read the entire analysis,...

The Business of Fraud: Botnet Malware Dissemination

The Business of Fraud: Botnet Malware Dissemination

November 12, 2021 • Insikt Group®

Editor’s Note: The following post is an excerpt of a full report To read the entire analysis,...