Press Center

Malware and antivirus software

News

What is a PSYOP, and how can it be used in hybrid war?

Created: 2024-02-23 07:45:00

 
 

ESET Research recently discovered a new disinformation campaign, Operation Texonto, aiming to break the spirits of Ukrainian people close to the second anniversary of Russia’s full-scale invasion of Ukraine.

The notion that war is only physical and happens exclusively in the real world has long been disproven. Many believe that Stuxnet was the first indicator that international conflict had moved to a hybrid setting, in which digital actions could impact physical outcomes. Today we see a different digital dimension to conflicts: psychological operations that are being carried out online and aim to demoralize and break the spirit of targeted communities and, in this latest case, ultimately trying to convince participants that Russia holds the upper hand.

Stuxnet is a malicious computer worm, first identified in 2010, that targets industrial control systems and was responsible for causing substantial damage to Iran’s nuclear program. Unlike typical malware, Stuxnet does not just steal information but is designed to sabotage systems and cause real-world physical effects, marking a significant evolution in cyber warfare tactics.

Operation Texonto, a new component to the already hybrid war between Russia and Ukraine – in addition to numerous DDoS attacks and cyber threats involving malware – is a PSYOP.

A PSYOP is a psychological operation with the goal of conveying selected information and indicators to certain audiences to influence their motives, objective reasoning, and behaviors. This can be aimed at countries, organizations, and groups of power. In this case, it is to raise doubts in the minds of Ukrainians (and citizens of other European countries).

PSYOPs are not only confined to kinetic warzones but are also being sophisticatedly deployed to interfere in electoral processes, influence public opinion, and undermine democratic governments in countries that are not at war. They leverage new technologies to amplify their impact and reach, marking a new era in psychological warfare.

PSYOP almost three years into the war
Operation Texonto, which is the name given to the campaign by ESET Research, mostly consists of spam emails. ESET detected two different waves of this attack: the first in November 2023 and the second at the end of December 2023.
In the first wave, which seemed to be more elaborate, ESET detected a wave of emails delivered to hundreds of Ukrainians’ mailboxes (people working in government, energy companies, individuals, etc.) with a PDF attachment.
The goal of this email was to demoralize and sow doubt in the minds of Ukrainians. One of the emails suggested that there might be “heating interruptions this winter.” Another was allegedly from the Ukraine Ministry of Health, claiming that there was a shortage of medicine available. Another suggested that people eat “pigeon risotto,” giving instructions on its preparation, claiming a shortage of food in the country.

 

Figure 5. PDF allegedly from the Ministry of Agriculture 

The aim of these was most likely to instill fear and demoralize Ukrainians in an effort to destabilize communities and the resolve of Ukrainian citizens. This campaign also shares some similarities with campaigns using social engineering; however, none of these emails included malicious links or urged people to give up their personal information. The techniques used here align with common Russian propaganda themes. They are trying to make Ukrainian people believe they won’t have enough resources and heat as a result of Russian aggression.

Social engineering is a tactic used by cybercriminals to manipulate people into sharing information they normally wouldn´t share, download malicious software, or send money to a perpetrator. This tactic is used on individuals and businesses alike.

The second wave appeared a little less elaborate or even ill-prepared but was much darker in its messaging. The emails included disturbing messaging, with the attackers pretending to be Ukrainian citizens urging other Ukrainians to mutilate themselves to avoid military deployment. Sadly, this is a textbook wartime PSYOP campaign.
Spearphishing in the wild
In addition to the misinformation campaign, ESET Research also detected spearphishing campaigns targeting a Ukrainian defense company in October 2023 and an EU agency in November 2023. Both aimed to steal Microsoft Office 365 account credentials. These campaigns share similarities with the abovementioned PSYOPs; thus, ESET researchers believe these are connected.

Spearphishing is a highly tailored campaign through which attackers use social engineering techniques to urge the victims to click on a malicious link or an attachment. The goal is to steal sensitive information and/or enter a network undetected.

ESET Reserach also revealed that the domain names used as part of Operation Texonto related to internal Russian topics, such as Alexei Navalny, a well-known Russian opposition leader. Navalny was recently declared dead while serving jail time in Russia.
Those domains include:
•    navalny-votes[.]net
•    navalny-votesmart[.]net
•    navalny-voting[.]net

From the mentioned domains, researchers believe that it’s possible that the operation also included spearphishing or information operations targeting Russian dissidents.

A new layer of complexity to the war
The emergence of PSYOPs on the digital landscape of warfare has added a new layer to the already complex and ongoing hybrid war between Russia and Ukraine. Since the start of the Russian invasion, Russia-aligned groups, such as Sandworm, have been busy disrupting Ukrainian infrastructure using wipers. Operation Texonto is yet another use of technology to try to influence the outcome of the war. It underscores the shifting battlegrounds, from physical to psychological, aiming to demoralize and destabilize communities through disinformation campaigns.
It is crucial for nations, organizations, and individuals to stay vigilant, prioritize cybersecurity, and promote accurate information dissemination to counter such threats. As we circle back to the initial concept of PSYOPs, it’s evident that while the tactic has been in use for a long time, its modern incarnations are more sophisticated and insidious. This underscores the importance of understanding and recognizing PSYOPs as part of the broader spectrum of hybrid warfare tactics, a component that is likely to become increasingly prevalent in future conflicts.
To read more from ESET Research, head over to WeLiveSecurity.com.



About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.

Why ESET?

ESET has over 25 years' experience of helping people to Enjoy Safer Technology. Our software is light on hardware, but hard on malware.

Our Technology

ESET’s award-winning NOD32® Antivirus technology is at the cutting edge of digital security. It’s updated daily to keep you secure.

Free Support

Enjoy your free, industry-leading customer support locally. For technical, sales and marketing enquires dial +65 6296 4268.