Researchers from Qurium and EU DisinfoLab have uncovered a sprawling Russian-language disinformation network, known as Doppelgänger, operating extensively across Europe. Since at least May 2022, Doppelgänger has utilized a sophisticated strategy involving fake news sites designed to emulate reputable media outlets like Germany’s Der Spiegel and Britain’s The Guardian. These sites serve as platforms for spreading Kremlin-aligned propaganda and fostering division among Western nations, leveraging the credibility of established media brands to amplify false narratives and influence public opinion.
The investigation revealed that Doppelgänger has strategically established numerous legal entities in the U.K., often under the guise of young Russian nationals, to mask its true origins and facilitate its disinformation campaigns. These entities play a crucial role in maintaining operational cover and providing a veneer of legitimacy to the network’s activities, which extend beyond mere propaganda dissemination. Doppelgänger’s operations also include hosting services facilitated by Aeza, a Saint Petersburg-based company implicated in enabling both disinformation and cybercriminal activities. Aeza reportedly offers services to suspected criminals via its servers, including those linked to malware infrastructures like Lumma and Meduza, further complicating efforts to combat online threats.
The network’s technical infrastructure spans more than 300 network prefixes and 100,000 IP addresses, with an estimated market value of €5 million or monthly leasing costs around €50,000. This scale suggests substantial financial backing, potentially from external actors supporting the network’s expansive operations aimed at destabilizing democratic institutions and sowing distrust in Western societies. Despite efforts by researchers and digital rights advocates to expose Doppelgänger’s activities, questions remain about the effectiveness of European authorities in addressing the threat posed by such sophisticated disinformation networks.
Early alerts based on these findings have been shared with government agencies in multiple European countries, though concrete actions to disrupt Doppelgänger’s operations have not yet materialized. The revelations underscore ongoing challenges in combating disinformation and cyber threats, highlighting the need for robust international cooperation, enhanced regulatory frameworks, and proactive measures to safeguard against malicious online activities targeting democratic institutions and public trust in an increasingly interconnected digital landscape.
