Disinformation Campaign Targets Moldova Ahead of Presidential Elections and EU Membership Referendum

A cyber-enabled disinformation campaign, dubbed Operation MiddleFloor, is targeting Moldova’s government and educational sectors, according to Check Point Research.

The campaign began in early August and appears to have been aimed at influencing the country’s presidential elections on 20 October, with a concurrent referendum on EU membership. Malicious actors are leveraging sensitive topics to sway public perception against European values and Moldova’s current pro-European leadership.

Setting the Scene

In 2022, following Russia’s invasion of Ukraine, Moldova was granted EU candidate status, marking a significant shift for the former Soviet republic. The October 20 referendum will determine whether Moldova’s constitution will be amended to align with the citizens’ desire for EU membership.

Incumbent President Maia Sandu, a strong advocate for EU membership, is campaigning in favor of this shift.

The Tactics of Lying Pigeon

The threat actors behind Operation MiddleFloor, tracked by Check Point as Lying Pigeon, use a range of tactics to spread disinformation. However, unlike typical campaigns that depend on social media or fake websites, Lying Pigeon mainly uses email to disseminate false information.

These emails, designed to look as if they originate from European Union institutions, Moldovan ministries, or prominent political figures, contain misleading content that taps into Moldovans’ fears about gas supplies, winter fuel prices, LGBT rights, potential anti-corruption reforms, and changes in the education system.

Check Point’s investigation highlighted several findings:

1. Email-Driven Misinformation: The campaign relies heavily on emails to deliver fake documents and gather information on victims, suggesting that malware attacks could follow.
2. Impersonation of Trusted Sources: Spoofed email accounts give the appearance of legitimacy, with attackers pretending to be EU officials or Moldovan government representatives.
3. Exploit of Societal Fears: The content targets fears about Moldova’s integration with the EU, using themes like economic shifts, immigration concerns, and market disruptions to stoke anti-European sentiment.

Check Point Research also noted that the actors behind the campaign are Russian-speaking, with English content displaying clear linguistic flaws, indicating a non-native level of English proficiency.

Identify and Act

Operation MiddleFloor can directly engage with specific individuals by focusing on email-based outreach. Emails that appear to come from reputable sources increase the credibility of the disinformation, making it easier for recipients to engage by clicking links, providing information, or entering personal details. The private nature of email also complicates monitoring and countering these disinformation efforts effectively.

However, the reach of email campaigns is inherently limited compared to social media, where content can go viral. Additionally, the infrastructure behind email communications can be more easily traced, enabling authorities to identify and take action against the sources of disinformation more efficiently.

Regional Connections and Previous Campaigns

Lying Pigeon’s activities are not limited to Moldova. Since early 2023, similar operations have been seen across Europe, often involving politically sensitive events. The researchers linked Lying Pigeon to several activity clusters, including:

• The NATO 2023 summit in Vilnius, where disinformation was circulated on social media.
• Spain’s 2023 general elections, with false reports of impending terrorist threats.
• Campaigns in Poland targeting the cybersecurity sector and exploiting concerns over press freedom.

CERT Polska has drawn parallels between Lying Pigeon and another Russian-aligned threat actor, APT-UNK2, known for deploying malware and creating fake websites to support disinformation.

Moldova and European Stability

The timing of Operation MiddleFloor highlights Moldova’s precarious geopolitical position. The country balances its historical ties to Russia with aspirations for EU integration.

The spread of disinformation could shape public opinion ahead of the referendum, potentially stalling or complicating Moldova’s path toward EU membership. Also, the campaign is a clear sign of Russia’s ongoing influence in Eastern Europe through digital manipulation tactics designed to undermine pro-European leadership. As Moldova approaches its elections, its citizens and government will likely face further attempts at digital interference. The findings emphasize the need for vigilance in Moldova and across Europe as disinformation campaigns become a common weapon in political and geopolitical conflicts.