Welcome to Memetic Warfare.
My name is Ari Ben Am, and I’m the founder of Telemetry Data Labs - a Telegram search engine and analytics platform available at Telemetryapp.io. I also provide training, consulting and research so if you have any specific needs - feel free to reach out on LinkedIn.
Some announcements for this week first.
Firstly, I’m happy to announce that I’ll be joining the Foundation for the Defense of Democracies (FDD) as an adjunct fellow on hybrid threats for the next six months!
I’ve had the chance to publish with them in the past, and I’m incredibly excited to have the chance to publish more long-form research and investigations - which of course I’ll share here as well.
On that note, the FDD is unaffiliated with MW and everything I say here or anywhere is solely my opinion and unaffiliated with the FDD or any other organizations with which I work.
Secondly, I carried out a brief investigation for Haaretz on a suspected Iranian influence operation - check out the link here. I’ll have a writeup for the full investigation published soon.
This week we’ll be coconutmaxxing with a few interesting topics, and to note the Kamala XCX news cycle I’ve temporarily rebranded for the next week:
Now that that’s out of the way, let’s begin.
Big Trouble in Little Singapore
In a historic decision, Singapore has moved to ban dozens of accounts on multiple platforms that a government agency identified as being operated by Guo Wen Gui affiliates. The timing is auspicious, as Guo was recently convicted in a New York court for fraud.
The Ministry of Home Affairs published a statement on the “issuance of account restriction” alongside an annex of banned accounts.
The statement was short and to the point:
This is notable for a few reasons.
Firstly, this is the first time that Singapore has carried out a takedown against any online IO network by utilizing its foreign interference law. Taking down a GWG network is an interesting choice and one that is unobjectionable to any other partners, so a great way to dip one’s toes in the water.
This may be a sign of things to come as well. Singapore recently invoked the same counter-interference law to designate a Hong Kong businessman as a “politically significant person”, working to promote foreign interests (guess from where) in Singapore. On July 11, Singapore announced that the National Trades Union Congress (NTUC) will also be designated as politically significant to prevent undue foreign influence in the future.
Singapore is a fascinating country with a unique role in the world, let alone Southeast Asia. It’ll be interesting to follow how it navigates the straits of great power competition and hybrid warfare while defending its political sovereignty, and I imagine that we may see more to come in the future.
Cyber Army of Russia Resanctioned
OFAC announced sanctions on two Russians who served as key figures in the online hacktivist group “Cyber Army of Russia Reborn” (CARR).
CARR has been exposed by Mandiant as being a hacktivist front for influence operations originating in cyber attacks carried out by APT 44.
The sanctions announcement sanctioned CARR due to its hacking activity targeting American critical infrastructure (via ICS and SCADA systems) - see the Mandiant blurb below:
While it’s a good thing that OFAC just won’t quit when it comes to sanctioning malign cyber actors, there’s a bit of missed opportunity here.
The sanctions announcement calls CARR out for their general lack of skill but ignores the broader IO element of their activity, such as broadcasting recordings of their intrusions via Telegram for maximum psychological effect.
The lack of any affiliation with APT 44 is also of note; perhaps we’ll see more in the future.
Overall - a good start, let’s see what comes later.
This is going to ruin the operation
The Insider and Der Spiegel just published a look at leaked communication from Russian SVR officers, including those responsible for “information warfare”. Check out the article here, and I’ll put the blurb below:
Note the reference to a specific operation named “Kylo”, which could be either pickaxe or Kylo Ren. I’m going to assume that pickaxe, if referring to dissidents/emigres at least, could be a reference to the ice pickaxe that killed Trotsky?
Good to know that the SVR and myself work in roughly the same way when it comes to emailing myself documents!
Notably, the alleged “architect” of the operation, Mikhail Kolesov, was exposed in a picture that would not be out of place in a Russian localization of “The Office” (left side). Just missing a self-bought “World’s Best SVR Agent” mug!
So far we’ve established that a Russian influence operation is going to:
Target the West
Play on fear and loathing
Use new social media platforms
Par for the course here, but let’s keep going. One of the more notable elements here is that there’s attribution to a specific individual, so that’s always noteworthy, especially with Russians. The Russian leaked data underground is massive and you can almost always find significant information on any Russian via breached data tooling.
The SVR apparently believed, or at least the individual agent did, that state media organs are ineffectual:
He should talk to anyone looking at influence in the West; people routinely lose their minds over pieces on state media. So, the SVR agent in question decided to launch a new operation, described below:
Another element was the use of those front NGOs to make “outsized” demands on behalf of Ukrainian refugees to make advocacy for them look bad:
Unsurprisingly, this has been and will continue to be a prominent topic of Russian influence operations, propaganda and more:
Tip of the proverbial neckbeard fedora here also for adding serious historical context - not something we often see:
IO “malvertising” (let’s say) was also in play. How exactly this would work is unfortunately not detailed - Google ads? How about Meta or others?
The operation’s proposal was detailed, and showed how the SVR would apparently recruit teams to work abroad. Fronts would be branded as independent “investigations” agencies to post multimedia content:
This “storm” platform is of note, and the article describes it briefly:
To be honest, I’m not entirely sure how this would work, but maybe we’ll find out more one day. What is important is the reliance on analytics and metrics for performance, a recurring trend in Doppelganger as well.
Paid protests for a pittance were also included - 100 euros each? Guess the EU economy really isn’t doing so well.
Note also the proposed low price of just 3 dollars!
Physical IO alongside digital was a part of it, as the Insider claims:
Ah, the icepick reference was a different thing, an assassination scheme planned by the same individuals it seems:
I like the Insider, but I’ll be honest - this article makes some big claims and needs better sourcing.
We’d need some primary sources here, as well as frankly a better description of what occurred (it’s written in a bit of a rambling style).
The potential here is bigger than what can be conveyed via a description of the leaks themselves, although admittedly the leaked correspondence itself doesn’t bring much “new” per se - we all know that these shenanigans are ongoing.
There are other questions that can be raised as to the provenance of the documents. Der Spiegel is no stranger to working with leaked documents, but internal correspondence of Russian intelligence agencies is not a typical document. Chances are they were provided with such leaks by a Western government, although other possibilities do exist.
Hopefully we’ll see more such activity to mitigate foreign interference efforts, but without the hard copies, at least in part, it’s hard to truly name and shame or counter.
That’s it for this week! I was abroad for most of last week, so it was a bit slower than usual. We’ll be going back to regularly scheduled programming as of next week.