CopyCop, a Russia-aligned influence network, has shifted its focus to the 2024 US elections, using AI-generated content and inauthentic websites to push targeted political material. The group registered 120 new websites between May 10 and May 12, 2024 and moved its infrastructure to US-based hosts to obscure Russian ties, while AI-generated content saw limited amplification on social media. #CopyCop #USPresidentialElection
Keypoints
- CopyCop has shifted its focus from other topics to the 2024 US elections, away from Russiaβs war in Ukraine and politics in France/UK.
- Between May 10β12, 2024, CopyCop registered 120 new websites using AI-generated content.
- The network disseminates targeted content through YouTube and relies on mainstream US/UK media and Russian state media sources.
- CopyCop employs over 1,000 fake journalist personas to publish and amplify content, with some sites publishing targeted material in French and US election contexts.
- New infrastructure has been moved to US-based hosts to minimize visible links to Russia, and fewer traces of generative AI use suggest attempts to hide LLM activity.
- As of early June 2024, AI-generated content has seen little to no amplification on social media, with amplification coming from existing influence networks.
- Mitigations include tracking narratives with Recorded Future tools, monitoring social media and Telegram, and countering plagiarized content and typosquatting using brand intelligence.
MITRE Techniques
- [T1583] Acquire Infrastructure β The network moved its infrastructure to US-based hosts to minimize Russian government connections and registered 120 new websites between May 10 and May 12, 2024. βThe network registered 120 new websites between May 10 and May 12, 2024, focusing on US elections.β and βmoved its infrastructure to US-based hosts, likely to minimize Russian government connections.β
- [T1036] Masquerading β Use of over 1,000 fake journalist personas to disseminate content. βover 1,000 fake journalist personasβ used to publish and spread articles.
- [T1027] Obfuscated/Compressed Files and Information β Fewer traces of generative AI use indicate an attempt to obscure the use of large language models (LLMs). βfewer traces of generative AI use indicate an attempt to obscure the use of large language models (LLMs).β
Indicators of Compromise
- [Domain] Domains β 120 new websites registered between May 10β12, 2024; examples: and other 2 more domains (not disclosed)
- [User Accounts] Author profiles β Over 1,000 distinct author profiles used to publish content; examples: 1,000+ author profiles, and 2 more configurations (not disclosed)
Read more: https://www.recordedfuture.com/copycop-expands-to-cover-us-elections-target-political-leaders