Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum

Oct. 10, 2024, 12:39 p.m.

Description

A cyber-enabled disinformation campaign called Operation MiddleFloor is targeting Moldova's government and education sectors ahead of crucial elections and an EU membership referendum. The campaign, attributed to a Russian-speaking group named Lying Pigeon, uses spoofed emails and documents to spread anti-European and anti-government narratives. It exploits sensitive topics like gas prices, LGBT issues, and migration to influence public opinion. The operation also collects data on victims, potentially for future targeted attacks. Lying Pigeon has been linked to previous disinformation efforts across Europe, including activities around the 2023 NATO summit in Lithuania and Spanish elections. The group's sophisticated approach combines influence operations with information harvesting, posing a significant threat to Moldova's political stability and European democratic processes.

External References

https://research.checkpoint.com/2024/disinformation-campaign-moldova/
https://otx.alienvault.com/pulse/6707b7fd28542b39f93b237e
Tags
phishing
disinformation
elections
2024-10-10
moldova
eu referendum
email spoofing
lumma infostealer

Date

  • Created: Oct. 10, 2024, 11:18 a.m.
  • Published: Oct. 10, 2024, 11:18 a.m.
  • Modified: Oct. 10, 2024, 12:39 p.m.

Indicators

  • fb9105dc73a52d36a612157536322a7d3630c813f6acf1b997b370cfd768118c
  • d1b285fbe249349ae167052d81b4ab5d7e78c14e1ae617ef0985cc101a119d82
  • c8c3bcdb856b9acffa853124ed13a0cc96641691233004cbe9bf8e018edb8f1b
  • 9a06192d3d922b1e4c404d2c9bac43d3315040635c472257c7a28f51b078ccfe
  • 5c34498dfab981a4d9fb2b898d4e965ae7378e066bbf01ae29bc61adf1a66b2d
  • 4df435afa20401e3af2d17bf8dd67a9d8553520e29cc05905fc9458b8e81ce8f
  • 0e295605cfb9d922ff94d38cad5743da9e3d7d8feddee7b42ca3e2314133a0f0
  • 83.69.236.72
  • 62.106.66.90
  • 51.38.145.50
  • 45.143.167.163
  • 45.133.148.35
  • 38.180.59.182
  • 185.255.132.69
  • 194.61.121.74
  • 185.251.88.12
  • 176.124.33.59
  • 194.61.121.131
  • http://europa-eppo.eu/forms/3946275
  • gotohends@inbox.eu
  • mail.mailos.ru
  • mail.mailorun.su
  • mail.mailogon.online
  • autodiscover.te-storg.com
  • autodiscover.sapsap.site
  • autoconfig.te-storg.com
  • autodiscover.mailorun.su
  • autoconfig.sapsap.site
  • autoconfig.mailorun.su
  • vilnius-summit.lt
  • viilnius.lt
  • urm-lt.com
  • te-storg.com
  • sso-log.com
  • socialistii.com
  • socialisti.md
  • social-moldova.md
  • sapsap.site
  • pass-check.online
  • otllook.com
  • noname05716.ru
  • nnmnnm.ru
  • nask-pl.com
  • moldova-social.md
  • moldova-mediu.md
  • moldova-energie.md
  • mec-gov.md
  • md-mec.com
  • mcgov.md
  • mc-md.com
  • mailos.ru
  • mailorun.su
  • mailgon.online
  • litexpo-portal.lt
  • ivention.pl
  • isw-org.pl
  • interior-gov.es
  • gov-md.com
  • golebewski.pl
  • freepresunlimited.org
  • europa.study
  • europa.social
  • europa-eppo.eu
  • europa-ec.eu
  • eupm-moldova.md
  • energie-gov.md
  • comunicacion-presidencia-gov.es
  • comunidad-madrid.es
  • cert-pl.pl
Download all indicators here!

Attack Patterns

  • Lumma Infostealer
  • Lying Pigeon
  • T1585
  • T1589
  • T1586
  • T1588
  • T1608
  • T1583
  • T1598
  • T1592
  • T1584
  • T1566

Additional Informations

  • Education
  • Government
  • Lithuania
  • Poland
  • Spain
  • Moldova, Republic of