Russia wants to dominate social media with disinformation on a "massive scale" through a botnet.
A recent report from cybersecurity firm Nisos claimed that a Moscow-based firm could spread disinformation "at a frightening rate" thanks to "a customizable suite tied to a malicious network," per Gizmodo.
Nisos' report is based on information stolen from the firm and leaked by the hacktivist group "Digital Revolution" in March 2020.
Russia Botnet: How It Works
According to Nisos' report, 0Day Technologies, the Moscow-based firm in question, uses a botnet named "Fronton," which has a dashboard suite capable of generating fake social media profiles and inauthentic content at a "frightening rate."
Fronton could also be used to perform DDoS attacks or Distributed Denial of Service attacks that could "turn off the Internet in a small country," according to ZDNet and The Record. Although the botnet was initially thought to execute DDoS attacks, analysts eventually uncovered that it was developed for "coordinated inauthentic behavior on a massive scale."
The suite, which is dubbed SANA, enables its user to "formulate and deploy trending social media events en masse," according to Nisos. This capability allows SANA to create "newsbreaks," or massive coordinated posting efforts that generate "noise" around a brand or company and attract media attention.
SANA also consists of a web-based dashboard with various functions aside from the previously mentioned "newsbreaks."
The dashboard has Groups for bot management; Behavior Models, which create bots that impersonate human social media users; Response Models that dictate how the bots react or respond to messages and content, including breaking news; Dictionaries that store phrases, words, quotes, and comments to use across social media for any kind of reaction; and Albums, which stores images for platform bot accounts.
Read More : Genshin Impact's Version 2.7 Arrives on May 31
SANA also allows users to create social media accounts using auto-generated email and phone numbers and to spread content across social networks, blogs, forums, and other social media platforms. These users can also set schedules for posts, and reactions and configure how many likes, comments, and reactions a bot should create.
To convince people that a bot is authentic, users can specify how many "friends" a bot should maintain to look the part.
It is important to note that 0Day Technologies once worked with the Federal Security Service, one of Russia's primary intelligence agencies, as its subcontractor.
0Day Technologies also had connections in the hacking underground - a LinkedIn profile for Pavel Sitnikov, who currently works for 0Day Technologies as its systems analyst, is also known as FlatL1ne in the hacking community and has connections to the Russian hacking group APT28 aka Fancy Bear.
Sinikov was arrested by Russian authorities in 2021 on charges of distributing malware through his Telegram channel, which he did along with data leaks and educational materials.
Fronton and SANA in 2022
SANA still exists within 0day Technologies, which moved their domain to 0day[.]llc, with the title of the page being аналитическая система, meaning "Analytical System."
The botnet's past deeds have not gone undiscovered; an example of its work was found on the BBC coverage of the criticism of a sculpture of a large wooden squirrel sculpture erected in Kazakhstan in 2018, with some of the criticism being inauthentic and generated by SANA and Fronton.
Related Article : Apple Adds the App From Putin's Critics Back to the Russia App Store