Recorded Future Profile picture
Nov 17, 2022 8 tweets 5 min read Read on X
Discover multinational #InfluenceOperations at work. See how #Iran and #Venezuela can use state-sponsored media outlets, social media influencers, proxies, surrogates, and political activists in the #AlexSaab influence campaign. Read full report: bit.ly/3EPYPhv 1/8 Image
Insikt Group® identifies four phases of a multiyear influence campaign centered around indicted Alex Saab, the alleged financier and special agent to Iran for the Nicolás #Maduro regime. The Alex Saab timeline shows significant events from indictment to postponed trial. 2/8 Image
Saab, an alleged conduit of Hezbollah operations extending into Latin America, is a Colombian and Venezuelan businessman wanted by Colombian law enforcement since 2018. Maduro appointed him a special envoy to Iran after a corruption designation (by OFAC). 3/8
Initial misinformation campaigns likely began in Nigeria and amplified with #astroturfing by a firm in Ghana. Venezuela then hosted a concert to support Saab that provided psychological action by social media users and traditional media, pushing the disinformation narrative. 4/8 Image
On August 16, 2021, Iranian Foreign Ministry Spokesman Saeed Khatibzadeh denounced the US extradition of Saab. The following day, Venezuela’s teleSUR published a disinformation article titled “Venezuelan Diplomat Alex Saab Is a Prisoner of War, Iran Says” 5/8 Image
The misinformation narrative propagated through proxies, surrogates, and political activists with the central nodes for analyses pictured in this map of Iranian and Venezuelan media organizations involved in the Saab #disinformation narrative. 6/8 Image
Influence efforts expand beyond the Saab influence campaign. We identified 4 identical disinformation articles authored by Pablo Jofre Leal, published by Al Mayadeen, SANA, hispanTV, and SegundoPaso on “Washington and its destructive obsession with Venezuela”. 7/8 Image
The Saab disinformation campaign will likely continue with the purpose to pressure the US to negotiate an exchange for Saab, as well as amplify anti-US messaging to Latin American audiences. Read the report that details the four phases: bit.ly/3EPYPhv 8/8 Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Recorded Future

Recorded Future Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @RecordedFuture

Sep 10
In H1 2024, threat actors refined their tactics and introduced new techniques to evade detection and disrupt defenses. Zero-day exploits & sophisticated malware dominated the landscape. Here's what we observed 👇 Image
Newly disclosed vulnerabilities in Ivanti, PAN-OS, and Windows SmartScreen were heavily exploited, even after patches were released. The availability of proof-of-concept (PoC) exploit code fueled persistent targeting.
Infostealers like LummaC2 led the malware landscape, while ransomware strains such as Fog & RansomHub introduced passwords to validate payload execution, hindering detection.
Read 5 tweets
Nov 23, 2022
At peace and war, China’s #cyber activities alter its target’s actions with threats to punish unwanted behaviors and apply pressure to coerce. Insikt Group® analyzes the 2 elements of #weishe theory in its application against Taiwan and more. 1/5 Read: bit.ly/3VjLQd1 Image
In weishe, coercion comprises two distinct theories of action to change the behavior of a target: #Deterrence and #Compellence. Deterrence uses the threat of punishment to prevent undesirable actions, and compellence wields punishment to motivate desirable behavior. 2/5
An instance of cyber coercion might be the #defacement attack on public TV screens in #Taiwan in response to the Taiwan visit of the US Speaker of the House of Representatives Nancy Pelosi in August 2022. 3/5 Image
Read 5 tweets
Oct 13, 2022
Take a look at how #China #Russia #Iran and #DomesticExtremist conduct influence operations – #disinformation and #misinformation campaigns – to disrupt and influence US #Midterms2022 elections. Read the full report here: bit.ly/3ew3zhN Image
The #Russophobia theme emerged on a #RussiaTimes interview with #DmitryBabich and in June 2022 with FSB-directed #Southfront. This appeal to ethnic Russians could drive tension between them and US govt, possibly motivating a hack-and-leak or hack-and-fake #OctoberSurprise. 2/7 Image
Russian state-controlled media are diversifying existing infrastructure through registration of alternative website domains – website “mirrors” – and are increasingly using country code Top Level Domains within existing infrastructure. Chart shows mirror mentions for #Sputnik 3/7 Image
Read 7 tweets
Sep 22, 2022
Recorded Future analysts monitor targeting of ethnic and religious minorities by Chinese state-sponsored groups. In the first half of 2022, #TA413 exploited zero-days #Follina and CVE-2022-1040 with new custom backdoor #LOWZERO in Tibetan targeting. 1/9 bit.ly/3LwzoDf
#MalDoc lures, in Tibetan language, pose as applications for compensation, contest... This one sent from tibet[.]bet was weaponized with #RoyalRoad SHA 028e07fa88736f405d24f0d465bc789c3bcbbc9278effb3b1b73653847e86cf8, drops #LOWZERO and contacts hardcoded C2 45.77.19[.]75. 2/9 Image
Sent from the same domain, this lure has #phishing email links to tibet-gov.web[.]app posing as the Tibetan government-in-exile. Sent in 2 waves, the 1st email links to .docx attachment hosted on Google Firebase which attempts #Follina via the ms-msdt MSProtocol URI scheme. 3/9 Image
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(