A recent study has shed light on the intricate strategies used by threat actors in cyber-enabled influence operations (CEIO). The research revealed a unique approach by the Internet Research Agency (IRA) to infect Facebook users with malware in order to enhance their influence campaign.
The IRA’s method may seem counterintuitive at first, as they targeted the very users they aimed to influence. However, their operational approach was strategic. By using click-fraud malware like FaceMusic, they were able to infect a susceptible population, boost the visibility of troll farm content, and expand their reach to a wider social media audience. This finding challenged the conventional focus of CEIO research on direct attacks on infrastructure, highlighting the significance of indirect tactics.
The study outlined a lifecycle of CEIO activities, emphasizing the importance of preparatory cyber activities in developing successful influence campaigns. Rather than following a traditional kill chain, the IRA utilized a capture chain approach, engaging with social media users and deploying malware to amplify their impact. This shift in strategy proved to be a game-changer in manipulating the information environment.
Furthermore, the research addressed the differences in CEIO tactics among threat actors, particularly Chinese, Russian, and Iranian groups. While Chinese actors focused on issue-based media manipulation, Russian and Iranian hackers incorporated malware and cyber actions into their operations, often targeting Western entities. This distinction highlighted the evolving landscape of cyber threats and the varying approaches taken by different adversaries.
In assessing the vulnerability to CEIO, the study emphasized the importance of workforce awareness and hygiene controls. Organizations directly involved in electoral processes or representing key societal issues were identified as high-risk targets. However, the research pointed out that vulnerability extends beyond organizational boundaries to individual employees, underscoring the need for a holistic approach to cybersecurity.
Overall, the study highlighted the significance of understanding and mitigating the risks posed by CEIO. By uncovering the intricate strategies used by threat actors and emphasizing the importance of workforce education, the research provided valuable insights for security teams and national security planners. As cyber threats continue to evolve, it is crucial for organizations to adapt their cybersecurity strategies to address the changing tactics of malicious actors.