After a slow start, Microsoft’s Threat Analysis Center (MTAC) reports that Russian influence operations “have picked up steam in the past two months.”  Microsoft’s analysis comes as two EU-leader, Belgium and the Czech Republic are seeking European sanctions for Russian interference in EU elections taking place from 6-9 June.

Little to Lose and Much to Gain

“The deteriorated geopolitical relationship between the United States and Russia leaves the Kremlin with little to lose and much to gain by targeting the US 2024 presidential election,” remarked Microsoft in their latest report. This sentiment highlights the heightened stakes as Russian disinformation campaigns escalate in the run-up to the US election.

In the past 45 days, Russian influence operations have surged into action, revealing Kremlin operatives’ relentless drive to shape American opinion. Their latest manoeuvres have focused in on reshaping perceptions of Ukraine among US voters.

While current activity levels trail those of the 2016 and 2020 elections, the potential for rapid escalation in the months ahead looms large.

Prominent Actors

MTAC reveals a coordinated effort by at least 70 Russian groups waging a disinformation campaign against Ukraine across traditional and social media. This aggressive push of false narratives aims to undermine US policies regarding Ukraine, ultimately weakening support for the Ukrainian government.

Among the prominent actors in this arena are referred to as Storm-1516 and Storm-1099, each employing distinct tactics to achieve their objectives.

Storm-1516, believed to be affiliated with the Russian Presidential Administration, has succeeded in infiltrating online spaces frequented by English-speaking audiences, spreading disinformation that portrays Ukrainian President Volodymyr Zelensky as incompetent and his government as corrupt.

Storm-1516’s playbook is simple; it starts with a fake whistleblower or citizen journalist planting disinformation on a shadowy video channel they’ve created. Then, a network of websites, seemingly unconnected but under their control, amplifies the story, spreading the misinformation like wildfire.

Meanwhile, Storm-1099, best known for a large-scale website forgery operation called “Doppelganger,” operates a complex network of fake media outlets. The group creates seemingly credible, branded outlets – for instance, “Election Watch” and “50 States of Lie” – that they then weaponise to circulate anti-Ukraine propaganda. Their efforts target supporters of Ukraine and appear to be particularly focused on swaying the U.S. political landscape. This strategy has been in effect since spring 2022.

The report also highlights the resurgence of figures like Andrei Derkach, a former Ukrainian Parliamentarian and US-sanctioned Russian agent, who spearheaded the “NABU Leaks” campaign targeting then-former Vice President Joe Biden during the 2020 election cycle.

In early January 2024, Derkach resurfaced on social media platforms for the first time since Russia’s full-scale invasion of Ukraine in 2022. He immediately began disseminating recycled and new disinformation targeting U.S. backing for Ukraine.

The findings also shed light on the evolving tactics employed by Russian threat actors, including hack-and-leak operations orchestrated by groups like Star Blizzard, reportedly affiliated with Russia’s FSB Centre 18. While these activities may not yet be directly linked to the 2024 election, their focus on US political figures and policy circles suggests a concerted effort to influence outcomes in November. Notably, the group has previously drawn attention from the UK National Cyber Security Centre for alleged cyber-attacks on the UK and US over the years.

EU leaders call for sanction for Russian interference in elections

Microsoft’s alert about a Russian online disinformation upcoming US election coincides with calls from Belgium and the Czech Republic for new European sanctions following early interference detected in several European Union countries. In an open letter, Belgium’s Prime Minister Alexander de Croo and Czech President Peterr Fiala said interference had already been found in several member states.

Belgium said the risk posed by Russian’s disinformation campaign extends to NATO which is headquartered near its Capital Brussels. 

The two leaders wrote, “It is the right time to establish a new restructure measure regime aimed to counter Russian malign activities.”