The IRGC Center for Basij who Can't Meme Good
Welcome to Memetic Warfare.
We’ll start off this week with US sanctions on Russian and Iranian IO actors that targeted the US presidential elections; check out the announcement here.
The sanctions target actors tied to the IRGC and GRU:
The IRGC information is by far the most interesting despite being the least detailed:
So, as of at least 2023, we have the Cognitive Design Production Center (CPDC), a previously unknown (to the best of my knowledge) Iranian IO center operating under the auspices of the IRGC. Going forward, I’ll be referring to them as the IRGC Center for Basij who Can’t Meme Good.
Unfortunately, there is no other information provided, and there isn’t much available online from reputable sources.
However, ByteSec1401, an anti-Iran hacktivist group (be it real or a cutout, which it certainly may be), has claimed that the head of the CPDC is named Raf’ioddin Esma’ili, who also works as a professor and works alongside one Vahid Ghanjali, but this claim is unsubstantiated.
ByteSec has also claimed to have acquired the names of other individuals associated with the Cognitive Design Production Center, and posts the kind of content that I’d personally expect to see from a front/cutout group.
Considering that ByteSec was the only group to have heard of the CPDC and published anything about them just a few months prior to the sanctions announcement, I’m a bit suspicious.
It seems that we may have another KasperSekrets situation on hand. For those who don’t remember, check out the past MW post in the above hyperlink, but to make it short - we have a situation in which a potential US/Western government cutout leaks content via an anonymous Twitter account (with DMs open of course), only to see specific information leaked/referred to then pop up in USG sanctions shortly thereafter.
The Russian portion of the sanctions designation is more detailed, but frankly is a bit less interesting - Dugin, CGE, domains and so on. The one part that stuck out to me was a brief description of CGE’s use of a server to host generative AI tooling to not have to use Western/online tools.
It’d be interesting to get more information on the type of server they were using, how they used it, with which models and so on. Perhaps we’ll get more detail on this sort of stuff going forward.
Let’s now move on to Romania. Romanian outlet Snoop.ro has some interesting claims about the elections worth considering.
Snoop claims that the pro-Georgescu influencer campaign discussed in last week’s post, which the Romanian government stated in a report was “identical” to a similar Russian operation in Ukraine, was in fact hijacked by a competing Romanian political party. See the below main points:
This is still a developing story and one published only, to my knowledge, by Snoop.ro, so I’ll take it with a grain of salt - but it’s certainly feasible.
There are, however, some caveats:
Snoop’s report only refers to the influencer campaign, not the inauthentic TikTok networks or other online networks (on Meta or other platforms) as discussed.
There is evidence, as discussed last week, of other potential financial malfeasance on the part of Georgescu. Georgescu’s campaign manager was found to have not reported large sums of crypto, and apparently some criminal organizations have also campaigned on his behalf.
I’m looking forward to reading something more conclusive on this hopefully sometime soon.
Let’s move on to something more straightforward.
Check out Google TAG’s Q4 report here if you’re in the mood to read it and be left dying for more information! It’s almost as bad as having read the Song of Fire and Ice books which stopped at book 5.
See some of the reports with 0 additional contextual information that I would like to hear more about below:
And many, many more!
I get that there are certain constraints/fears legally when it comes to publishing indicators and information in these, but come on - we need something to work with here.
Regardless, it’s always nice to read a TAG report and be reminded that Google News is a thing and that it can be exploited in IO.
The last thing we’ll check out this week is the Insider’s look at Matryoshka on Bluesky, available here.
The presence of Matryoshka, and Russian activity in general, on Bluesky has become increasingly apparent to anyone in the IO space.
Matryoshka accounts have posted at least 4 videos in the below fashion, targeting what else but Ukraine and interestingly choosing to tag prominent news outlets and journalists:
See the video itself below:
Interesting, right? As the Insider points out, the video starts off with a real person, and then transitions to what sounds like a probably AI-generated audio clip run over the video. Check out the rest of the article for more, as it’s an interesting case.
That’s it for this week!