Welcome to Memetic Warfare Weekly.

I publish this week’s post with a heavy heart, on the backdrop of the invasion of Israel and the ongoing hostilities. However, life must go on. As such, there will be no meme title for this post, and this will be the only post for the coming two to three weeks.

My name is Ari Ben Am, and I’m the founder of Telemetry Data Labs and Glowstick Intelligence Enablement. Memetic Warfare Weekly is where I share my opinions on the influence/CTI industry, as well as share the occasional contrarian opinion or practical investigation tip.

I provide consulting, training, integration and research services, so if relevant - feel free to reach out via LinkedIn or ari@glowstickintel.com.

This week we will belatedly cover Microsoft’s recent Digital Defense annual report, covering activity from June of 2022 to July of 2023 the other day, and it is substantial to say the least:

It would be far too much for us to cover most of this, so we’ll focus on IO activity and where it overlaps with cyber activity.

Right off of the bat, Microsoft emphasizes the centrality of IO and its overlap with cyber activity, especially cyber-enabled IO, in its report - just look below.

What caught my eye is the NSN (nation-state notification) data - what sort of work can still be done in adapting this framework, which informs users that they’ve been targeted by or exposed to a nation-state information operation. Meta did something similar with Facebook pages and Instagram accounts run by the IRA.

Is informing them that they’ve been exposed to, liked, commented on or shared nation-state IO content and so on the right approach? It may be too early to say, but this is a field that I’d love to see more research on and innovation in from leading tech platforms.

From here, we jump to Chapter 3: Nation State Threats.

Interesting to see that Israel is so far up there - guess that’s one of the privileges we enjoy of being a target for both Russia and Iran.

I would be remiss to not bring the attention of my readers to the specific section on IO, available at page 53:

I’ll quote the above directly to drive home the main point: “One noteworthy trend that has emerged across actors is the overlap and, in some cases, synchronization between traditional influence operations and cyber actions.”.

Gone are the days in which digital threats were siloed. IO and Cyber are two sides of the same coin, and in practice always really have been. This will only become truer as time goes on and the two continue to fuse in creative ways.

Microsoft was then kind enough to do a deep dive into each specific nation-state, let’s discuss Russia’s first with some selected content:

I don’t want to get too caught up on this as we’ve discussed the utilization of “hacktivist” cutouts and front organizations by Russia to carry out both low-level cyberattacks as well as information operations, including many cases of the two being fused directly.

Telegram is also arguably understated here in its importance for hacktivist groups, as most of the above as well as other known Russian hacktivist fronts, utilize Telegram primarily or even exclusively for their IO and other operations.

The most interesting development is the fusion of cyber, IO and physical campaigns as shown in Poland. The ability to use low-level field agents, or even freelancers or flyer-distribution firms, to spread malicious QR codes to share both propaganda and disinformation content as well as malware is fascinating and shows the connected nature of the fields.

China has also continued to ramp up its activity in the IO space, with Microsoft interestingly devoting less overall coverage to Chinese IO compared to Russia, although this may be justifiable due to the Russian invasion of Ukraine.

The main points, which I agree with overall, are that China:

• Increasingly utilizes a broad swathe of platforms as part of its operations, including drastically expanding their repertoire of languages:

• Promoting influence among the Chinese diaspora, unsurprisingly, continues to be a main focus, and in reality always will be:

• Where it gets more groundbreaking is regarding the use of influencers. There has been much ado about the use of influencers by China’s state media apparatus and broader IO. However, very few people have really taken the time to sit down and scientifically research and organize the relevant data on Chinese influencers as we see below - interestingly noting 9 influencers in Hebrew and other niche languages.

Iran also gets a notably large mention. Microsoft interestingly posits that Iran has invested heavily in IO in the past year, potentially as a response to the domestic turmoil and unrest it experienced as part of the nation-wide protests against the regime.

Iran also, as per Microsoft, turned towards collaborating with Russian state media (unsurprising) and has continued to invest in and rely on its regional proxies for influence capabilities and operations. Nothing too groundbreaking but always nice to see more writing on the topic.

That’s it for this week - I’ll be back to normal eventually as things calm down here. Stay safe everyone.