Operation Texonto is a disinformation/PSYOP campaign using spam mail as the main distribution method. Surprisingly, it doesn’t seem that the perpetrators used common channels such as Telegram or fake websites to convey their messages. We have detected two different waves, the first one in November 2023 and the second one at the end of December 2023. The contents of the emails were about heating interruptions, drug shortages, and food shortages, which are typical themes of Russian propaganda. In addition to the disinformation campaign, we have detected a spearphishing campaign that targeted a Ukrainian defense company in October 2023 and an EU agency in November 2023. The goal of both was to steal credentials for Microsoft Office 365 accounts. Thanks to similarities in the network infrastructure used in these PSYOPs and phishing operations, we are linking them with high confidence.
Disclaimer: This article is part of X-Force OSINT Advisories’ automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.
Sample Indicators of Compromise:
45.9.148.20745.9.148.16589.116.52.79bb14153040608a4f559f48c20b98c1056c794a60ukrpharma.ovh
