Security News > 2020 > July > 'Ghostwriter' – Widespread Disinformation Campaign Associated with Russia
FireEye security researchers have linked a series of disinformation operations that have been ongoing since at least March 2017.
While some of the aspects of the campaign resemble those of the Secondary Infektion operation, the researchers did not observe cyber threat activity to support the previously detailed operations, and many other attributes of the newly detailed attacks are different.
According to FireEye, some of the personas abused in the campaign have been coordinating with each other, and many were observed publishing content as part of the same operation.
The 14 personas associated with the campaign have been active in at least 15 suspected Ghostwriter operations since 2017.
"The Ghostwriter campaign leverages traditional cyber threat activity and information operations tactics to promote narratives intended to chip away at NATO's cohesion and undermine local support for the organization in Lithuania, Latvia, and Poland. While the operations so far have targeted audiences in this limited set of countries, we caution that the same tactics employed in the Ghostwriter campaign can be readily repurposed and used against other target geographies," FireEye concludes.