The Russian Disinfo Operation You Never Heard About

WIRED

The Internet Research Agency is infamous for flooding mainstream social media platforms with compelling disinformation campaigns. The GRU, Russia’s military intelligence agency, deploys strategic data leaks and destabilizing cyberattacks. But in the recent history of Russia’s online meddling, a third, distinct entity may have been at work on many of the same objectives—indicating that Russia’s disinformation operations went deeper than was publicly known until now.

Dubbed Secondary Infektion, the campaign came on the radar of researchers last year. Today, the social media analysis firm Graphika is publishing the first comprehensive review of the group’s activity, which seems to have begun all the way back in January 2014. The analysis reveals an entity that prioritizes covering its tracks; virtually all Secondary Infektion campaigns incorporate robust operational security, including a hallmark use of burner accounts that only stay live long enough to publish one post or comment. That’s a sharp contrast to the IRA and GRU disinformation operations, which often rely on cultivating online personas or digital accounts over time and building influence by broadening their reach.

Secondary Infektion also ran disinformation campaigns on a notably large array of digital platforms. While the IRA in particular achieved virality by focusing its energy on major mainstream social networks like Facebook and Twitter, Secondary Infektion took to more than 300 platforms in all, including regional forums and smaller blogging sites. The combination of a widespread presence and endless burner accounts has helped the group hide its campaigns—and its motives—for years. But the approach also made the actor less influential and seemingly less effective than the IRA or GRU. Without being able to build a following, it’s difficult to get posts to take off. And many Secondary Infektion campaigns were either flagged by platform anti-abuse mechanisms or simply pilloried by regular users.
