Researchers have discovered Russia-aligned PSYOPs that combine espionage, disinformation, and Canadian pharmacy spam. It also has links to Alexi Navalany, the Kremlin critic who died last week in an Arctic penal colony.
The PSYOPs — a military term for “psychological operations” — were unearthed by analysts at ESET, a cybersecurity firm headquartered in Slovakia. They named the campaign “Operation Texonto.”
The operation disseminated war-related disinformation to Ukrainians via spam emails. Through two waves of messages, the campaign spread fears about shortages of food, medicines, and heating supplies — typical themes of Russian propaganda.
Alongside the disinformation, ESET detected a spearphishing campaign late last year that targeted a Ukrainian company and an EU agency. It aimed to steal credentials for Microsoft Office 365 accounts.
Due to similarities in their network infrastructure, ESET is confident that the PSYOPs and phishing are connected.
Matthieu Faou, Senior Malware Researcher at ESET, said the company’s customers had sparked the hunt for Operation Texonoto
“ESET has a significant user base in Ukraine and as such, our research team dedicates a lot of its time to track Russia-aligned groups,” Faou told TNW via email. “We first uncovered a spear phishing campaign and then pivoted on the artefacts, which led to the discovery of the two PSYOPs.”
They also led to that connection with Navalny.
Real dissidents and fake pharmacies
Operation Texonto used domain names related to Navalny. The researchers suspect the campaign deployed spearphishing or information operations against Russian dissidents and Navalny supporters.
Another link was made to fake Canadian pharmacies, which have been popular with Russian cybercriminals for decades. In 2004, “Canadian Pharmacy” was named “the world’s currently most voluminous spam generator.”
One of the servers used to send the spam emails was later reused to send typical Canadian pharmacy spam.
ESET surmised that the campaign operators had realised their operations had been detected. Consequently, they may have tried to monetise the burnt infrastructure for personal profit.
Detecting psyops
In the disinformation campaign, the first wave of emails was sent in November 2023. They targeted Ukrainian politicians, energy companies, and citizens. ESET estimates that the messages had “at least a few hundred” recipients.
Rather than spread malicious links or malware, the messages sought to fracture support for support for Ukraine’s resistance
One sender masquerading as the Ukrainian government advised citizens to replace drugs with “folk methods” using plants. Another email, allegedly from the Ministry of Agriculture, suggested eating “pigeon risotto.”
The second wave of emails targeted both Ukrainian citizens and residents of other European countries. All of them, however, were written in Ukrainian.
They featured darker messaging. One message suggested that recipients amputate a limb to avoid military deployment.
The PSYOPs campaign joins the “firehouse of falsehood” that has targeted Ukraine since Russia’s full-scale invasion.
To tackle disinformation, ESET recommends a mix of smart email filtering, education, and double-checking.
“Additionally, using trusted fact-checking services can help individuals and organisations verify the validity of contentious information,” Jake Moore, Global Cybersecurity Advisor at ESET, told TNW.
“Lastly, if you spot a dodgy source of disinformation, it can help reduce the spread by notifying the email service provider by placing it in the spam folder.”