Hackers “aligned with Russian security interests” have been conducting a sustained influence campaign to compromise news websites in Lithuania, Latvia, and Poland and discredit NATO’s presence in Eastern Europe, according to a new report.
Some tactics of the campaign, dubbed Ghostwriter by the report authors, involved spoofing email accounts to disseminate fabricated content, as well as gaining access to news sites' publishing systems and replacing their content with fabricated news articles.
According to the report, a local Lithuanian news site kaunas.kasvyksta.lt was compromised in September 2019, when a false article was published “claiming that German soldiers had desecrated a Jewish Cemetery in Kaunas”, Lithuania’s second-largest city.
“On several occasions, Ghostwriter narratives and articles have been directly disseminated over email, notably to legitimate news organizations and government officials in Lithuania and Poland, as well as NATO officials,” the report said.
The emails were designed to appear to come from military officials and political figures in the targeted countries.
For example, a fabricated letter purportedly authored by NATO Secretary General Jens Stoltenberg suggested that NATO was planning to withdraw from Lithuania in response to the Covid-19 pandemic.
False articles have also been posted on various blogs as part of the Ghostwriter campaign. An article published on WordPress “promoted a false claim that a US Army officer serving in Lithuania had contracted Covid-19 and then interacted with the local population”.
Researchers at Mandiant, a cybersecurity consultancy firm, have found a total of 14 isolated misinformation incidents in Lithuania, Latvia, and Poland.
The report concluded that “Ghostwriter narratives have aligned with Russian security interests”, making Russian hackers the main suspects in the misinformation campaign.