Two groups of suspected Russian hackers tried to derail the NATO defense alliance’s recent Vilnius summit by spreading disinformation and apparent intelligence documents online, social media research firm Graphika said.
In a new report shared with POLITICO, Graphika detailed how it found one campaign spreading fake NATO press releases through web pages mimicking the alliance’s website and through fake social media accounts. Another group posted documents online about the summit’s internal security measures, claiming that they were documents obtained from the Lithuanian government.
The misinformation campaign included forged announcements that NATO was doubling its defense budget and that the alliance was considering the idea of supporting deploying Ukrainian troops to France to respond to the protests earlier in the summer.
It was the latest of a series of campaigns by Russia-linked groups to target European countries with disinformation campaigns to sow discord among NATO members and undermine support for Ukraine in its ongoing fight against Moscow.
The Vilnius misinformation efforts showed similarities to earlier pro-Russian influence campaigns Doppelganger and Secondary Infektion, Graphika said, some of which have been linked to Russian companies that were sanctioned by the EU in July for “digital information manipulation.” Graphika added it had “medium confidence” that the new campaigns were conducted by these known Russian actors, meaning it had found similarities but could not independently establish the link.
Tyler Williams, director of investigations at Graphika and one of the researchers who worked on the report, said it was an example of how “different [hackers] both conduct hard cyberattacks as well as hack-and-leak operations using what they’ve collected through their hard cyberattacks.”
Williams added the reach on social media was “very limited” and mostly confined to pro-Russia Telegram channels.
The Doppelganger campaign has attempted to spread fraudulent news online since last year, while the Secondary Infektion group has been active for almost a decade, and has in recent years been publicly exposed by Meta and by the Atlantic Council.
One of Secondary Infektion’s previous campaigns involved leaking classified trade documents between the United States and the United Kingdom ahead of Britain’s 2019 election that were stolen from the email account of former trade minister Liam Fox, Reuters reported at the time.
Williams said Graphika staff compiled the report themselves without working with social media groups like Meta. The company declined to comment on whether it had informed either NATO or the Lithuanian government of the findings.
The Lithuanian defense ministry said its police department is investigating the claims. “While in the process, no more information could be provided as not to compromise the investigation,” Asta Galdikaitė, an official at the defense ministry, said in an email.
NATO spokesperson Oana Lungescu said in a statement that the bloc had “monitored attempts by threat actors to create fake web stories in the days leading up to the Vilnius summit, which received low levels of engagement.” Lungescu said that NATO worked with media outlets to make “clear that the websites were fake” and claims on them were debunked. This is part of NATO work to monitor disinformation campaigns, according to Lungescu.
“NATO is vigilant and protects its own networks from malicious cyber activities 24 hours a day,” Lungescu wrote. “We are constantly upgrading our cyber defences and detection capabilities, and sharing information among NATO allies, so we can respond effectively.”
The Vilnius summit, held July 11-12, saw NATO countries’ leaders take steps to expand the alliance by allowing Sweden to join and reiterate support for Ukraine as it fights to beat back Russia’s invasion of the country. The alliance also endorsed new cyber defense measures at the summit, including strengthening cyber cooperation and committing to hold a Cyber Defense Conference in Berlin later this year.
This article has been updated.