
White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown

Russia has seemingly decided who it wants Putin the Oval Office


The Biden administration on Wednesday seized 32 websites and charged two employees of a state-owned media outlet connected to a $10 million scheme to distribute pro-Kremlin propaganda, and claimed the actions were necessary to counter Russia’s attempts to influence the upcoming US presidential election.

"The Department's seizure of 32 internet domains secretly deployed to spread foreign malign influence demonstrates once again that Russia remains a predominant foreign threat to our elections," deputy attorney general Lisa Monaco declared in a statement. "At Putin's direction, Russian companies SDA, Structura, and ANO Dialog used cybersquatting, fabricated influencers, and fake profiles to covertly promote AI-generated false narratives on social media."

This is all part of the ongoing Doppelgänger operation – a Russian-government-backed influence campaign that has been active since at least 2017. It uses a network of "thousands" of phony social media accounts, fake-news websites and deepfakes to influence American voters and spread pro-Moscow messaging.

It's called Doppelgänger because it uses typosquatted domains – sites with names that are close to legitimate ones – such as washingtonpost.pm rather than the real washingtonpost.com – to trick viewers into believing they are reading and watching content produced by reputable news orgs. But as screenshots [PDF] of washingtonpost.pm show, the site is thoroughly pro-Kremlin.
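For defenders monitoring for this kind of lookalike, the following is an added example (not from the article or the court documents) that flags hostnames imitating a protected domain, either by swapping the TLD as in the washingtonpost.pm case or by a near-miss spelling. The function names, the edit-distance threshold and the observed-hostname list are assumptions made for illustration, and the parser assumes single-label TLDs.

```python
# Added example: flag lookalikes of a protected news domain among observed hostnames.
PROTECTED = {"washingtonpost.com"}  # the legitimate domain named in the article

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(host: str):
    """Return (label, tld) from the last two labels (assumes single-label TLDs)."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return None
    return parts[-2], parts[-1]

def classify(host: str, protected=PROTECTED, max_dist: int = 2):
    """Return 'legitimate', 'tld-swap', 'near-label', or None if unrelated."""
    sd = split_domain(host)
    if sd is None:
        return None
    label, tld = sd
    verdict = None
    for legit in protected:
        l_label, l_tld = split_domain(legit)
        if (label, tld) == (l_label, l_tld):
            return "legitimate"
        if label == l_label:
            verdict = "tld-swap"      # same name, different TLD (the article's case)
        elif verdict is None and edit_distance(label, l_label) <= max_dist:
            verdict = "near-label"    # misspelled name, any TLD
    return verdict

# Constructed sample of observed hostnames (e.g. from proxy or DNS logs).
OBSERVED = ["www.washingtonpost.com", "washingtonpost.pm",
            "washingtonpsot.com", "example.org"]

def scan(hosts):
    return {h: classify(h) for h in hosts}

if __name__ == "__main__":
    for host, verdict in scan(OBSERVED).items():
        print(f"{host:28} {verdict}")
```

A production version would resolve registrable domains with a public-suffix list so that multi-label suffixes and brand names placed in subdomains are handled correctly.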

In other instances, the perpetrators created their own media brands to promote Doppelgänger content using names such as "Recent Reliable News."

The 277-page affidavit [PDF] used to obtain a warrant to seize the 32 websites details internal strategy meeting notes and propaganda project proposals developed by Moscow’s agents. These include the Good Old USA Project [PDF], which essentially makes the case for supporting Republican presidential nominee Donald Trump – although neither he nor the Republican party are named in the redacted court documents.

Names of candidates and political parties have been blacked out, and they are labeled "Political Party A," "Candidate A," "Political Party B," and "Candidate B."

"The USA has been trying to maintain 'the global leadership' by strategically defeating Russia," according to this project proposal, adding that a growing number of politicians support a domestic-issue agenda, as opposed to "wasting money in Ukraine and other 'problem regions.'"

While "US Political Party B" is still in power (aka the Democrats) and wants to continue this foreign policy focus, "US Political Party A," (aka the Republicans) doesn't support these priorities, the proposal asserts.

"It makes sense for Russia to put a maximum effort to ensure that the US Political Party A point of view (first and foremost, the opinion of Candidate A supporters) wins over the US public opinion," the document adds.

The goal of the plan outlined in the doc is: "To secure victory of a US Political Party A candidate (Candidate A or one of his current internal party opponents) at the US Presidential elections to be held in November of 2024."

The Doppelgänger domain takedowns are part of a larger, coordinated effort across multiple US government agencies to combat Russia's "covert attempts to sow division and trick Americans into unwittingly consuming foreign propaganda," according to FBI director Christopher Wray.

Wray, in a statement, declared the Kremlin's influence operation "represents attacks on our democracy."

Criminal charges and sanctions

Also today, the Justice Department charged two Russian nationals – 31-year-old Kostiantyn Kalashnikov and 27-year-old Elena Afanasyeva – with conspiracy to violate the Foreign Agents Registration Act and conspiracy to commit money laundering.

Both individuals, who remain at large, are allegedly employed by RT, formerly Russia Today – a Russian government-funded media organization.

According to the indictment, Kalashnikov and Afanasyeva, through RT, covertly funded an unnamed Tennessee-based content-creation business to the tune of $10 million.

We’re told that business produced 2,000 or more English-language videos posted to social networks and YouTube, on topics including immigration, inflation, and other domestic and foreign policy matters.

Court docs state those vids were viewed over 16 million times on YouTube alone since November 2023 – without the creator ever disclosing it was funded and directed by RT.

Afanasyeva allegedly used "multiple" fake personas and edited, posted and directed "hundreds" of these videos.

"While the views expressed in the videos are not uniform, the subject matter and content of the videos are often consistent with the Government of Russia's interest in amplifying US domestic divisions in order to weaken US opposition to core Government of Russia interests, such as its ongoing war in Ukraine," the court documents [PDF] allege.

In addition to their alleged backing of the Tennessee content producer, the Russians are said to have also co-opted two US-based social media influencers – referred to as "Commentator-1" and "Commentator-2" in the indictment – who respectively have over 2.4 million and 1.3 million YouTube subscribers.

The RT-funded business is said to have paid the two influencers to produce videos for them and share them with their subscribers.

Meanwhile, the Treasury Department sanctioned Kalashnikov and Afanasyeva, along with eight other individuals and two entities, in response to "Moscow's malign influence efforts targeting the 2024 US presidential election."

In addition to Kalashnikov and Afanasyeva, the Office of Foreign Assets Control (OFAC)-designated individuals are:

OFAC also designated ANO Dialog – a Russian non-profit that uses AI to generate disinformation – and its subsidiary Dialog Regions for their ties to the Kremlin's disinformation campaigns.

Tabak, ANO Dialog and Dialog Regions are allegedly linked to Doppelgänger.

Visa restrictions and a $10m bounty

The State Department also rolled out a policy to restrict issuance of visas to individuals acting on behalf of Kremlin-supported media organizations who are also engaging in covert influence.

Because visa records are confidential, State won't reveal names of any of these individuals subject to the new policy.

However, it designated the operational US presence of Rossiya Segodnya – and subsidiaries RIA Novosti, RT, TV-Novosti, Ruptly, and Sputnik – as foreign missions, meaning the feds believe they are controlled by the Russian government. As such, they must notify the Department of all personnel working in the US and are required to disclose all US property they hold.

Finally, the Rewards for Justice program, administered by the Department's Diplomatic Security Service, is seeking information on potential foreign efforts to influence or interfere in US elections – and it's offering a $10 million prize.

Specifically, it wants the lowdown on organizations such as RaHDit. "Individuals who provide certain information on RaHDit could be eligible for a reward of up to $10 million or relocation" under the reward offer. ®
