So just to be explicit about our research @ThreatConnect, we initially came across the cubenergy-my-sharepoint[.]com by exploiting some consistencies that we've seen in previous Fancy Bear infrastructure.
To be specific, the use of a PositiveSSL certificate in conjunction with a Sharepoint-related string, has been used several times previously by Fancy Bear and not widely seen elsewhere.
Notably, that was seen in several of the Fancy Bear domains spoofing NGOs that Microsoft sinkholed earlier this year, like soros-my-sharepoint[.]com and transparencyinternational-my-sharepoint[.]com.
Heads up on some suspicious domains spoofing UKR organizations registered in the last year:
cubenergy-my-sharepoint[.]com
dpkshodnya-mysharepoint[.]com
kub-gas[.]com
kvatral95[.]com
my-ukr[.]net
On the info ops front, the Facebook page for The Right News seemingly serves as an echo chamber for The Daily Wire. Based on that page and WHOIS history for therightnews[.]net, The Right News probably is actively working on behalf of The Daily Wire without openly stating so. 1/15
In terms of background, The Right News' Facebook page was created on 11/22/13, has over 193k followers, and claims to be a Media/News company. The page posts political commentary, conservative articles, and memes. 2/15
The website listed on The Right News' Facebook page -- therightnews[.]net -- was also registered on 11/22/13 using privacy protection. Historical versions of the domain show that it was used similarly -- to share conservative, political commentary. 3/15