Sweeping Russian disinformation effort relied on blog posts, social media to target Kremlin rivals

Whether Operation Secondary Infektion had a strong influence remains unclear.
(Flickr/Markus Spiske)

A years-long propaganda effort that relied on thousands of blog articles and internet forgeries to discredit adversaries of Russian President Vladimir Putin is the latest reminder that Kremlin operatives are trying to influence foreign affairs, even if their level of success often is difficult to measure.

Since 2014, Russian disinformation specialists have authored roughly 2,500 anonymous blog stories, social media posts and other techniques in an attempt to amplify Kremlin messaging, according to findings published Tuesday by social media analysis firm Graphika. The activity focused on a range of other topics long-favored by Russian propaganda, such as the Ukrainian government, former U.S. presidential nominee Hillary Clinton and the World Anti-Doping Agency. One facet of the campaign portrayed German Chancellor Angela Merkel as an alcoholic.

Graphika describes the scheme as Operation Secondary Infektion, borrowing the name from a KGB plot which suggested the U.S. had invented the AIDS virus. While researchers noted that the quantifiable influence was relatively small, the information operation occurred over a six-year span in which international intelligence agencies and private security firms frequently blamed Russian hackers for cyberattacks against many of the same targets.

“Almost none of the operation’s posts across six years of activity achieved any measurable engagement, in terms of shares, likes and positive reactions across platforms,” the report noted. “This may indicate that the operators were not interested in engagement metrics — for example, if they were driven by production quotas rather than engagement targets — or that they were using some other form of metrics not visible to outside observers.”


Facebook first tied Secondary Infektion to Russian operatives in May 2019. Reddit published its own findings about the operation in December 2019, when details about trade negotiations between American and British officials leaked. The Atlantic Council’s Digital Forensics Research Lab has published a series of reports on the operation dating back more than a year.

Russian operatives also used forged diplomatic emails and planted articles aimed at undermining political efforts in Estonia, the Republic of Georgia and the U.S., according to Recorded Future findings in April. Polish security officials also said in April that Russian attackers were behind a hack-and-leak operation in which fabricated diplomatic letters were distributed to Polish websites with a history in spreading disinformation.

Graphika noted that it was unable to trace the Secondary Infektion effort back to a specific Russian intelligence agency.

The posts focused most frequently on the idea that Ukraine represents a failed state, or an unreliable diplomatic partner. They also portrayed the U.S. government and the North Atlantic Treaty Organization alliance as prone to interfering in other countries, the European Union as divided and critics of the Russian government as morally compromised, addicted to alcohol or somehow less than trustworthy.

Other efforts described Hillary Clinton as a murderer, accused the World Anti-Doping Agency of conspiring with pharmaceutical companies following a ban on Russian athletes for taking performance-enhancing drugs and suggested that an anti-Brexit faction in the U.K. had planned to assassinate Prime Minister Boris Johnson.


All told, Secondary Infektion incorporated 300 websites and social media platforms, including Facebook, Twitter, Reddit, YouTube and Quora. Much of the activity occurred on blogging platforms and internet forums where propagandists would plant fake documents that appeared to be leaked from legitimate sources, such as secret U.S. plans to overthrow Kremlin-allied governments around the world. Then, Secondary Infektion-affiliated social media accounts would try to amplify those posts, typically without success.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts