Cyber research warns of synthetic content targeting the election
A Russia-affiliated group’s actions, including sophisticated impersonation and spam campaigns, are likely to continue ahead of the 2024 presidential election.
New cybersecurity findings suggest that Russian-linked digital interference continues to be an ongoing threat ahead of the 2024 U.S. presidential elections, highlighting the group “Operation Overload,” using both phishing campaigns and generative artificial intelligence tools to spur election disinformation.
In a report released on Wednesday, Recorded Future, a cybersecurity intelligence company, shared information discovered by its in-house threat research arm, Insikt Group, which focused on the tactics used by Operation Overload to promote disinformation, particularly aimed at media organizations and research institutions.
“Based on documented email campaigns and social media spam, Operation Overload almost certainly prioritizes media organizations, fact-checkers, and researchers as its primary targets,” the report reads. “By overwhelming their investigative resources, the operation aims to prevent them from debunking Russian disinformation and hopes these organizations will inadvertently report on its content, thereby injecting malign narratives into mainstream political discourse via trusted parties.”
The primary vehicles Operation Overload use to push its content are email campaigns and automated coordinated inauthentic behavior — the synchronized usage of bot social media accounts to circulate information — in a bid to overwhelm recipients with fault fact-checking resources.
The spam email campaigns ask journalists and researchers to verify inauthentic content and false fact-checking resources. Recorded Future also said that actors linked to Operation Overload “almost certainly” leverage generative AI, namely voiceovers and fabricated imagery, to make its content look legitimate.
Operation Overload has a documented history of impersonating media outlets and research institutions and amplifying these materials via social media networks. One notable example is the group’s consistent activity on Telegram, a messaging platform with strong privacy and encryption but lax content moderation protocols.
Operation Overload fixates on a variety of cultural narratives within the U.S. to exacerbate ongoing political and social divisions –– a noted tactic among Russian-linked cyberactors. As the 2024 presidential elections nears, Insikt Group says that it anticipates Operation Overload to continue disseminating more false content and impersonating legitimate organizations.
“Operation Overload will almost certainly continue impersonating legitimate news organizations, likely expanding on the entities it targets to include local news organizations and major network affiliates,” the report reads.
Mitigation efforts recommended by the report focus on monitoring social media channels that may feature synthetic content from Operation Overload, strengthening authentication measures, engaging in information sharing with the larger community and publicly disclosing the potential for a given brand to be impersonated by Operation Overload actors.