Last week's events concerning the pro-Kremlin disinformation campaign

Topics of the Week

Bellingcat researchers targeted by a phishing campaign.

Latvia and Lithuania accused by Russia of breaching freedom of speech.

The United States put new sanctions on Russia for chemical weapons usage.

New study of electoral interference reveals that defamation and persuasion are more common strategies than polarization.

Good Old Soviet Joke

East Germany's boss Walter Ulbricht died and went to heaven. He knocked on St. Peter's door.

St. Peter asked: “What do you want here?”

Ulbricht answered: “I want to come in.”

St. Peter replied: “No, you go to hell.”

Three days later three devils knocked on the door to heaven and St. Peter asked them what they wanted.

The three devils said: “We are the first refugees.”

Facebook Twitter

Follow us on Facebook or Twitter!

Policy & Research News

The Kremlin phishes in a guarded pond

Bellingcat’s researchers specializing in Russian intelligence activities were targeted by a phishing campaign. Due to the sensitivity of their work, the investigators use ProtonMail, one of the most secure email providers for professional communication.  According to the provider’s official statement, the attack happened on July 24 and specifically targeted users from Bellingcat.

Phishing is an attempt to obtain a user’s login credentials by posing as a trusted entity, usually by providing a link to a website disguised as a genuine service page. In this particular case, the perpetrators intended to trick the users into entering their login details at a fake website,, designed to emulate the Swiss-based ProtonMail. The company claims that the attack was unsuccessful because of the users’ vigilance and its anti-phishing measures.

Although there is no direct evidence that the Kremlin is responsible for the attack, many details suggest its involvement. Most importantly, the operation was “in the top 1 or 2 percent in terms of sophistication”, according to Andy Yen, ProtonMail’s CEO. Also, the attackers tried to utilize a not-widely-known vulnerability in the open-source software that email providers use, which attests to their professionalism. Christo Grozev, one of the targeted Bellingcat investigators, told the Financial Times that the attack was most likely a response to their research on the GRU. On Twitter, he mentioned that the fake ProtonMail site “contains tens of thousands of lines of original, tightly written code,” which also supports the claim of the operation’s complexity. The sophistication of the attack means that a state actor is the most likely perpetrator. Given that the operation exclusively targeted researchers working on Russian intelligence operations, one can indeed safely assume that the Kremlin is responsible.

Russia accuses Latvia and Lithuania of breaching the freedom of speech

Brought to you by the Vilnius Institute for Policy Analysis

July has been rather turbulent to Russia’s propaganda machine, greatly diminishing its operating capacity in the Baltic region. Two Kremlin-controlled news agencies and have been blocked after Lithuania’s LRTK and Latvia’s IMCS UL media watchdogs followed courts' rulings to seal off user access to the above-mentioned sites.

According to Lithuanian’s Radio and Television Commission (LRTK), the reasoning behind such verdict could be explained by Sputnik’s decision to publish over a thousand copyright-protected articles belonging to Lithuania’s National Broadcaster (LRT), thus committing a major copyright violation.

Meanwhile, the BaltNews in Latvia has been accused of violating the EU regulation of March 17, 2014, on sanctions in connection with the threat to the independence, sovereignty and territorial integrity of Ukraine. Additionally, it is worth mentioning that both websites are part of the Rossiya Segodnya media holding with its headquarters located in Moscow.

As expected, Kremlin loyalist media representatives were quick to condemn Baltic governments over their supposedly “unlawful and demagogic” decisions. According to RIA Novosti and, the governments of the Baltic States are currently taking part in a “coordinated offensive” against “independent Russian media” and are “systemically inhibiting access to freedom of speech”, thus presumably violating the basic human rights of Russian-speaking individuals residing in the Baltics.

Editor-In-Chief of both RT and Rossiya Segodnya, Margarita Simonyan, claimed she was “lost for words” and suggested that “maybe Russia should start blocking European news pages on its territory as well”, implying that a tit-for-tat approach could be taken into consideration. While, Timur Shaphir, General Secretary of the Russian Union of Journalists, claimed that the union is planning to appeal to “all available international organizations and forums” against Baltic governments’ decision.

US Developments

New US sanctions for Russia based on chemical weapons usage

Bloomberg reported that the United States is imposing new sanctions on Russia for the March 2018 poisoning of Sergei Skripal and his daughter Yulia that took place in Salisbury, England. The freshly-implemented penalties are threefold and include U.S. opposition to the extension of international loans designated for Russia, the inability for American banks to participate in non-ruble, sovereign Russian debt and additional export licensing restrictions on Department of Commerce goods and technologies. According to the report, the sanctions are likely to have little effect on the Russian economy as they have deep cash and gold reserves to the excess of $500 billion dollars. On the surface, the sanctions can be perceived as mostly symbolic as they assume Russia’s direct guilt in connection with the Skripal affair, which the Kremlin denies involvement. Moscow stated that the sanctions would serve for nothing more than to worsen already damaged US-Russian relations.

Senate Intel Committee: Russia targeted all 50 states in 2016 US election

A recent Politico breakdown of a Senate Intelligence Committee report reveals that Russia meddled in all 50 states with varied tools and intentions. The 67-page document has been released by the committee for public consumption, although it is heavily redacted as US intelligence agencies felt a bulk of the material was too sensitive to share. Highlights of the report indicate that not only did Russian actors interfere in every state, but in some cases, the hacking efforts resulted in “data exfiltration from the voter registration database.” This elevated capability showcases a new vulnerability to American voters and should be taken seriously.

The report, released just a day after special counsel Robert Mueller’s testimony, sparked new dialogue amongst bipartisan voices in the senate with conversation centring on reinforced American efforts to combat impending 2020 interference. At the core of the debates is a spending bill that would allow all 50 states the necessary funding to update ageing voting machines. In the face of a strong warning from Mueller about Russia’s ongoing campaign, there is push back from Senate Majority Leader Mitch McConnell who continues to block the protective legislation from going forward. Despite partisan banter, Intelligence Chairman Richard Burr reiterated a collective and undeniable truth circling Moscow’s 2016 interference campaign stating that “the U.S. was unprepared at all levels of government for a concerted attack from a determined foreign adversary on our election infrastructure.”

Facebook Twitter

Follow us on Facebook or Twitter!

Kremlin Watch Reading Suggestion

Trends in Online Foreign Influence Efforts

Our reading recommendation this week is the recent publication of Princeton University’s Diego A. Martin and Jacob N. Shapiro who have built a database of foreign influence efforts around the world. Their database covers the years 2013-2018 and catalogues fifty-three influence efforts in twenty-four countries. To be included in the database, influence operations have to meet three criteria: (1) action by one state against another in the media, (2) an identifiable political goal, and (3) producing fake content that is meant to appear as being produced organically in the target state.

Martin and Shapiro found that these influence efforts deployed a wide range of strategies with no clearly definable trends. On average, these attacks lasted 2.2 years and were used in support of numerous political goals including supporting referendums or political parties (usually far-right parties but not exclusively), discrediting institutions, undermining support for various governments, influencing elections, and attacking political figures.

Russia was the primary actor, accounting for 72% of the fifty-three influence efforts. China, Iran and Saudi Arabia were responsible for the majority of the remaining operations. The authors also found that Twitter was the most common platform used in these efforts, followed by news outlets and Facebook. Additionally, the use of Instagram and YouTube rose steadily throughout this time. Martin and Shapiro found that, contrary to popular belief, influence efforts only used polarization as a strategy 15% of the time. Defamation (65%) and persuasion (55%) were far more common strategies. Influence efforts typically used a combination of these strategies in conjunction with the tactical use of trolls, bots, and fake accounts to spread their message.

Do you like our work?

Our effort to protect liberal democracy across Europe is dependent on private donations.

Support us

Kremlin Watch is a strategic program of the European Values Think-Tank, which aims to expose and confront instruments of Russian influence and disinformation operations focused against liberal-democratic system.

  • For comments related to content or media inquiries, please contact the Director of the European Values Think-Tank Jakub Janda at (+420 775 962 643)
  • For Monitor suggestions or technical comments, please contact Kremlin Watch Coordinator and Analyst Veronika Víchová at 
Facebook Twitter

European Values Think-Tank

+ 420 773 064 169

Facebook Twitter Youtube

We regularly publish various specialised newsletters that can be delivered directly into your inbox. 


You can opt out at any time.