Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum

Oct. 10, 2024, 12:39 p.m.

Description

A cyber-enabled disinformation campaign called Operation MiddleFloor is targeting Moldova's government and education sectors ahead of crucial elections and an EU membership referendum. The campaign, attributed to a Russian-speaking group named Lying Pigeon, uses spoofed emails and documents to spread anti-European and anti-government narratives. It exploits sensitive topics like gas prices, LGBT issues, and migration to influence public opinion. The operation also collects data on victims, potentially for future targeted attacks. Lying Pigeon has been linked to previous disinformation efforts across Europe, including activities around the 2023 NATO summit in Lithuania and Spanish elections. The group's sophisticated approach combines influence operations with information harvesting, posing a significant threat to Moldova's political stability and European democratic processes.

Date

  • Created: Oct. 10, 2024, 11:18 a.m.
  • Published: Oct. 10, 2024, 11:18 a.m.
  • Modified: Oct. 10, 2024, 12:39 p.m.

Indicators

  • fb9105dc73a52d36a612157536322a7d3630c813f6acf1b997b370cfd768118c
  • d1b285fbe249349ae167052d81b4ab5d7e78c14e1ae617ef0985cc101a119d82
  • c8c3bcdb856b9acffa853124ed13a0cc96641691233004cbe9bf8e018edb8f1b
  • 9a06192d3d922b1e4c404d2c9bac43d3315040635c472257c7a28f51b078ccfe
  • 5c34498dfab981a4d9fb2b898d4e965ae7378e066bbf01ae29bc61adf1a66b2d
  • 4df435afa20401e3af2d17bf8dd67a9d8553520e29cc05905fc9458b8e81ce8f
  • 0e295605cfb9d922ff94d38cad5743da9e3d7d8feddee7b42ca3e2314133a0f0
  • 83.69.236.72
  • 62.106.66.90
  • 51.38.145.50
  • 45.143.167.163
  • 45.133.148.35
  • 38.180.59.182
  • 185.255.132.69
  • 194.61.121.74
  • 185.251.88.12
  • 176.124.33.59
  • 194.61.121.131
  • http://europa-eppo.eu/forms/3946275
  • gotohends@inbox.eu
  • mail.mailos.ru
  • mail.mailorun.su
  • mail.mailogon.online
  • autodiscover.te-storg.com
  • autodiscover.sapsap.site
  • autoconfig.te-storg.com
  • autodiscover.mailorun.su
  • autoconfig.sapsap.site
  • autoconfig.mailorun.su
  • vilnius-summit.lt
  • viilnius.lt
  • urm-lt.com
  • te-storg.com
  • sso-log.com
  • socialistii.com
  • socialisti.md
  • social-moldova.md
  • sapsap.site
  • pass-check.online
  • otllook.com
  • noname05716.ru
  • nnmnnm.ru
  • nask-pl.com
  • moldova-social.md
  • moldova-mediu.md
  • moldova-energie.md
  • mec-gov.md
  • md-mec.com
  • mcgov.md
  • mc-md.com
  • mailos.ru
  • mailorun.su
  • mailgon.online
  • litexpo-portal.lt
  • ivention.pl
  • isw-org.pl
  • interior-gov.es
  • gov-md.com
  • golebewski.pl
  • freepresunlimited.org
  • europa.study
  • europa.social
  • europa-eppo.eu
  • europa-ec.eu
  • eupm-moldova.md
  • energie-gov.md
  • comunicacion-presidencia-gov.es
  • comunidad-madrid.es
  • cert-pl.pl

Attack Patterns

  • Lumma Infostealer
  • Lying Pigeon
  • T1585
  • T1589
  • T1586
  • T1588
  • T1608
  • T1583
  • T1598
  • T1592
  • T1584
  • T1566

Additional Informations

  • Education
  • Government
  • Lithuania
  • Poland
  • Spain
  • Moldova, Republic of