Welcome to Memetic Warfare.

Let’s get the ball rollin this week with election interference news in the US. The ODNI put out a statement on Iranian interference (again) targeting the Democrats and Republicans.

In this case, Iranian “cyber actors” took stolen material from the Trump campaign and sent it, to no response, to the Biden campaign prior to the handover to Harris. Alongside that, Iranian actors as well are trying to get their previous operation which acquired opposition research on JD Vance published, to no avail. Not much more to add here, but the FBI/DOJ/CISA seem much more on top of things this time around, one only has to think back to the last time this happened with the Trump campaign to recall how this could have gone.

We’ll continue with another mention of the Stanford Internet Observatory’s research on African Stream.

Their quick look at African Stream brings up some interesting points:

• The CEO of African Stream worked for PressTV for years while also moonlighting for RT as a “political analyst”

• Other African Stream employees worked for state media outlets in Turkey and China in the past

Overall, this seems to be an archetypal case of outsourcing work to influencers and freelancers who happily work for any state media organization.

The next thing to discuss is CheckFirst’s latest update to their Operation Overload report. Check out the summary below to be reminded of Overload:

The operation has since pivoted to targeting France and the Olympics:

After the Olympics, the network moved to targeting the US, including insulting Kamala Harris’ intelligence. What a trite insult, I’m hoping for some more inventive claims next time.

Telegram is of course central to the operation:

There’s more though. QR codes continue to be used by the operation in innovative ways, including one attempt to impersonate Viginum funnily enough:

Analyzing the QR codes and redirects exposes ties to a specific Russian marketing company:

Overall, great work by CheckFirst in a concise and easy to understand report.

We’ll conclude with a big story.

Multiple European outlets recently acquired leaked documents from the Russian company “Social Design Agency”, the main company behind the ongoing Doppelganger network. Wonder where these came from, but the usual suspects come to mind - disgruntled employee, foreign government agency being perhaps the two most feasible.

There’s a lot to cover and I hope that eventually the files are released to the public, but let’s review what we have in the interim. Prior to looking at VSquare’s coverage, let’s look at some of the few samples that have made it out. Martin Laine posted a great look at some highlights, see his thread for a deeper look.

Let’s get back to the article covering the documents. The first section discusses the sheer quantity of and diversity of content:

Above we see that the SDA works in a highly organized fashion, which is unsurprising. We even have specific numbers - 38,899 “content units”, 2,516 memes and graphics and more came out of the SDA as part of their activity. This activity was highly organized by the SDA:

The exposure of hundreds of meme samples is also highly useful, as platforms can hash them, search them internally and take down any instances of them being uploaded, including looking at the accounts themselves. Comments are also viewed as being important:

In contrast to what we often think outside of Russia, the operators themselves believe that they are in fact girlbossing, moving the proverbial needle and hitting their KPIs:

This sort of tracking is useful for two reasons. Arguably it’s useful for the operator who wants to track everything they do, but in my opinion - this sort of stuff is usually much more critical to justify cost by making numbers go up and showing that to the person or organization funding the operation.

The upcoming EU parliamentary elections are of course a big topic of interest. The SDA thus attempted to amplify far-right parties to promote Russian interests:

Germany’s AfD party was specifically viewed as being critical:

France also was targeted with some success by Russia, but interestingly Italy was more resilient. This is almost certainly due to domestic politics and not the actual quality of the campaign.

Forgeries were also created and pushed by the SDA:

Laine shows just how organized this activity was based on SDA documentation:

Fascinatingly, Kaliningrad, the Russian enclave in Europe, was considered as a site for the creation of an IO center to focus on Germany and Poland:

So we have a lot to look at in this, and there is a TON of other coverage of this on specific countries, so check that out yourself if you’re interested. One example of such would be the Shomrim coverage of the DG activity targeting Israel.

There’s been some coverage of recent activity from DG and other Russian actors from Microsoft, available here. I won’t go in depth as it’s pretty brief and has already been thoroughly covered by others.