The Irish Press - Bluesky accounts hijacked in pro-Russia propaganda campaign

The campaign, which the researchers at Clemson University linked to the Moscow-based firm Social Design Agency (SDA), targeted journalists, academics, and filmmakers on the tech platform.

Many of the compromised accounts were used to post anti-Ukraine narratives, illustrating how pro-Kremlin propagandists are seeking novel ways to undermine support for the war-torn country that Russia invaded in 2022.

"Looks like someone got into my account and posted some story about France and Ukraine," Wall Street Journal reporter Alex Ward wrote on Bluesky.

The post in question has now been deleted and Ward said he had regained control of his account.

A database of compromised accounts -- created by an internet monitor tracking Russian influence operations and shared with AFP by a Clemson University researcher -- included at least one other Wall Street Journal reporter.

"Bluesky account got compromised and banned and then I got the account back somehow," Jake Tucker, editorial director at the PC Gaming Show, wrote on the platform.

Other compromised accounts included filmmaker Mary Beth McAndrews and academic Ben Gilbert.

"We have certainly seen bad actors use hacked accounts and stolen accounts in the past. Frequently, in fact. This seems more targeted," Clemson University's Darren Linvill told AFP.

"I've personally never seen Russia use hacked accounts at this scale before."

- 'No ethical constraints' -

It was unclear how many accounts had been hacked, with Bluesky removing many of the propaganda posts or suspending affected accounts until their owners stepped forward to regain control.

Linvill said he had personally tracked at least "a couple of hundred accounts the Russians hacked," but the real number was likely far higher.

Bluesky said it has removed 4,907 accounts linked to "state-backed influence activity" this year, roughly double the pace seen last year.

"Compromising real accounts to spread propaganda is a tactic these actors have used elsewhere for years, but this is the first time we've seen them attempt it on Bluesky," the platform's safety team wrote in a post.

"The accounts accessed were mostly older and dormant, though some active accounts were affected too."

"To be clear, Bluesky's systems were not breached. Individual user accounts were compromised, likely via credentials leaked in data breaches."

Clemson University attributed SDA's campaign to a Kremlin influence operation known among researchers as Matryoshka (Russian doll), which has been known for disinformation campaigns based on impersonation.

"It has stolen the logos of media outlets, government agencies, and private companies and used AI to clone the voices of celebrities, policemen, academics, journalists, and others," Joseph Bodnar, a senior research manager at the Institute for Strategic Dialogue, told AFP.

"Hacking into accounts to post content using someone else's identity is a logical next step for an operation that appears to have a lot of resources and no ethical constraints," Bodnar added.

- 'Sophistication isn't impact' -

The SDA has been sanctioned by the United States, European Union and the United Kingdom for information warfare campaigns.

"The SDA has been tasked and funded by the Kremlin to deliver a series of interference operations designed to undermine democracy and weaken support for Ukraine," Britain's Foreign Office said earlier this month.

The statement came after Britain unveiled new sanctions targeting 49 individuals working for the SDA, including writers, translators and video makers responsible for "deceptive Kremlin propaganda."

However, the reach of the Bluesky hacking campaign appeared to be limited, with the platform's safety team saying their "posts averaged 50 views" before they were taken down.

"Sophistication isn't impact," Bodnar said.

"Matryoshka's impact is driven more by public perception than by its ability to persuade audiences online. It's a perception hack."

burs-ac/pnb

P.Lynch--IP