🧵9/📕Our report: #CyberWar #ThreatIntel #APT.

🧵8/ cc🔍 @Max_Mal_ @JAMESWT_MHT @abuse_ch @RussianPanda9xx @1ZRR4H @malwrhunterteam @spamhaus @R3dHash @stdal_ @ncaproni @banthisguy9349 @Gi7w0rm.

🧵7/🧩 The full picture: A vast network of Russian-aligned intrusion sets leveraging global bulletproof hosting, fake shell corps, and recycled ransomware infrastructure to target Ukraine & its allies on multiple fronts. 📉 Espionage 💣 PsyOps 🪓 Ransomware #UAC0050 #UAC0006.

🧵6/🇺🇸 The U.S. Treasury sanctioned Zservers(Seychelles 🇸🇨 BPH provider) for aiding #LockBit. Same 2 officers are listed as managing this newer infra too. 🔀 IPv4 prefixes from Zservers were moved to new Russia-based or offshore networks:.#AS213194.#AS61336.#AS213010.

🧵5/📌 IPs from have been previously used by ransomware groups like:.#BlackBast🦹‍♂️.#Cactus🌵.#RansomHub 🏴.👁 Impressive overlap between PsOps, espionage and ransomware infrastructure.

🧵4/ For #UAC0006: 🌐 IPs from Global Connectivity Solutions LLP (AS215540 - UK) routed through Stark Industries (AS44477) .⬅️ May be tied to 🇷🇺 Global Internet Solutions LLC (AS207713) .Both serve as legal fronts for bulletproof hoster 4vps[.]su 🛡️.

🧵3/ Since Jan 2025, #UAC0050 adopted NetSupport Manager for malware delivery. 🕵️‍♂️ Used Ukrainian IPs managed by:.- Karina Rashkovska.- Virtualine (AS215789 & AS214943) 🏢 Virtualine hosted infra via shell company Railnet LLC (in Kentucky 🇺🇸), linked to White Label Networks.

🧵2/🧠 Psychological ops (#PsyOps) were key: .📩 Emails mimicking terrorist & bomb threats sent to 🇺🇦 and allies 🇨🇭🇩🇪🇵🇱🇫🇷 throughout Dec 2024. 🔎 Strong similarities with UAC-0050’s “Fire Cells Group” activities. #InfoOps #CyberThreats.

🧵1/ In Jan & Feb 2025, both groups ramped up espionage & financially-motivated spam campaigns. 📌 Focus: global targets, but heavily centered on Ukraine. 🎯 Targets:.- Govt entities.- Defense, energy & gas sectors.- Journalists.- NGOs involved in the Ukraine war.

🔎 [THREAD] – New analysis by Intrinsec Cyber Threat Intelligence on the latest operations by Russian-aligned intrusion sets #UAC0050 & #UAC0006📢 . 🔗 Our Report:

cc @R3dHash @stdal_ @ZohrBot @Jane_0sint @banthisguy9349 @Gi7w0rm @phish_report @AlexProdefence @ncaproni @Stalkphish_io.

8/8 – Read the report here: 👉 .Stay vigilant! 🔍.#Disinformation #CyberThreats #Infowar #Doppelganger #OSINT.

7/8 – Why is this alarming? .⚠️ These campaigns undermine trust in institutions and seek to influence major policy decisions in Europe. 🛑 The use of bulletproof hosting services makes combating this type of manipulation increasingly difficult.

6/8 – Who is behind this?.In 2022, Meta attributed Doppelgänger to 2 Russian entities:.📌 Structura National Technologies .📌 Social Design Agency .🔎 The report confirms that these activities have evolved, with infrastructure designed to evade detection and blocking mechanisms.

5/8 – What narratives are being spread? .📢 Core message: Western leaders neglect domestic issues in favor of supporting Ukraine, despite economic and political crises at home. 🎯 Objective: Polarize public debate and weaken European support for Ukraine.

4/8 – Why now? .📅 The campaign aligns with a crucial geopolitical moment in Europe: .✔️ Return of Donald Trump 🇺🇸 .✔️ Political crisis in France 🇫🇷 .✔️ German federal elections in February 2025 🇩🇪 .✔️ EU reaffirming its support for Ukraine 🇺🇦.

3/8 – Who are the targets? .The campaign primarily targets 📢 France, Germany, Italy, Ukraine, and Israel. 🎯 The goal is to fuel societal divisions, amplify misinformation, and manipulate political discourse within these nations.

2/8 – How does this campaign operate?.📌 Creation of fake websites mimicking influential media.📌 Automated spreading of misleading articles via bot networks on X .📌 Use of Kehr[.]io, a redirection service leveraging bulletproof hosting providers to evade detection and takedowns.

1/8 – What is Doppelgänger? .Doppelgänger is an intrusion set engaged in large-scale disinformation campaigns, spreading false narratives via bot accounts on platforms like X (Twitter). 🎯 Goal: Manipulate public opinion by exploiting social and geopolitical tensions.

🔎 [THREAD] – Doppelgänger: A New Disinformation Campaign Spreading on Social Media 📢.📄 A newly released report sheds light on the tactics used by this Russian-linked network to target multiple Western countries. ⬇️.