Executive Summary đź”—︎
In July of 2020, the “Ghostwriter” disinformation campaign targeting countries like Poland, Latvia and Lithuania came to light. A report from the Cybersecurity firm Mandiant pointed to a hacker group aligned with “Russian security interests” looking to discredit NATO in said countries since at least 2017.
According to Mandiant, the hacker group carried out its disinformation campaign against NATO by hacking news outlets and substituting verified news with fake ones, publishing fake news on websites accepting user generated content such as social media (UCG), and targeting websites linked to the Defense Ministries of the countries. NATO is not the only target of the Kremlin-backed propaganda machine. It has attacked everything from elections in third-countries to vaccination efforts during the Covid pandemic. It is also not the only actor attempting to destabilize Western nations and their alliances through the spread of disinformation.
Given the speed and reach with which information spreads these days, investigating and attributing disinformation campaigns without the right set of tools can prove to be an arduous endeavour. However, Maltego can greatly reduce the time needed to conduct investigations that would normally take an analyst several days if done manually.
While Maltego’s data mining capabilities help analysts dramatically speed up their data gathering process, its graphical link-analysis combined with numerous data integrations allows them to pivot between different types of data and data sources. By combining all these puzzle pieces in one graph, analysts can find the groups behind specific disinformation campaigns.
Sourcing Outlets Spreading NATO Disinformation đź”—︎
The goal of the following workflow is to use Maltego to retrieve publications as well as the outlets and organizations behind the spread of disinformation seeking to compromise NATO’s position in countries once belonging to the USSR or Warsaw Pact that are now part of NATO.
Hub Items that will be of use for this investigation are the Maltego Standard Transforms, Silobreaker, and Orbis – Bureau van Dijk Hub Items. Additionally, we will be using custom Views, which will help to visually display the information on the graph in particular ways facilitating its initial analysis.
Download the resource
Don’t forget to follow us on Twitter and LinkedIn and sign up to our email newsletter, so you don’t miss out on updates and news!
Happy investigating!