A group of Bulgarian cybersecurity experts, known as BG Elves, has revealed that the Russian Federation spent 69 million euros to finance a large-scale propaganda and interference campaign targeting Bulgaria and Romania, writes Novinite.
According to BG Elves, the funds were transferred through small, hard-to-detect transactions of up to 5,000 euros each. The aim was to spread Russian influence and promote far-right narratives in the two countries. BG Elves claims to have obtained documents linking these cash flows to companies and individuals operating in both Bulgaria and Romania, with the clear aim of manipulating public opinion.
The allegations come in the context of Romania being the target of manipulation during the presidential elections when independent candidate Călin Georgescu had a huge surge on the Chinese network TikTok.
In the past 48 hours, the BG Elves group focused on combating disinformation and hybrid threats said it had shared this information with journalists and investigative services in Romania, the UK and Ukraine. The exchange of details, they claim, was extensive and exceeded their expectations. They further highlighted the complexity of the scheme, which has been operating for years, with its origins dating back to 2010.
During the investigation, BG Elves discovered traces of Russian domains behind the systems used to manipulate society, many of which were copied from credible sources so as to appear legitimate. Despite this, the old Russian domains still remain visible in some places.
BG Elves detailed how these systems were structured, with servers rented in the Netherlands and Germany. They pointed to a specific company, Adnow, which played a significant role in distributing propaganda and advertisements with controversial content. The ads in question, which often promote sensational and misleading claims, aim to influence the public through the use of algorithms and tracking tools. The connection between Adnow and Călin Georgescu’s campaign was also written about by the publication Snoop.
BG Elves discovered that the systems used by Adnow collect and profile users based on the content they consume, creating very detailed profiles with information to tailor content to individuals more effectively.
The ultimate goal of this operation, according to BG Elves, is to manipulate users into providing personal information through false offers and prize schemes. Once obtained, the data is allegedly sent to Russia, where it is used to launch other targeted attacks.
BG Elves detailed how a mobile game development company used this personal information to install software on users’ devices, giving them complete remote access. This malware, known as a RAT (Remote Access Trojan), allows attackers to monitor victims’ personal communications and exploit their contacts, potentially allowing perpetrators to manipulate and spread disinformation.
BG Elves also explained how the scale of the operation is huge. They estimated that Adnow, which generates millions of impressions each month, could have infected thousands of users, allowing the attackers to reach a substantial portion of the Bulgarian population. They also pointed out that the activities of these Russian-backed entities have expanded significantly and now include a wide range of services, such as bot farms and VPNs, all designed to support the distribution of propaganda.
This investigation highlights a worrying breach of national security, with BG Elves stressing the importance of addressing these threats.
