How Russia Uses EU Companies for Propaganda: The Doppelganger Disinfor

Details: Written by: Gavril Ducu; 31.Jan; Hits: 147

In today's information age, truth itself has become a battlefield.

Governments, particularly authoritarian regimes, have invested heavily in shaping narratives through disinformation.

Russia has been at the forefront of this digital war, using sophisticated networks to spread false information, erode trust in institutions, and influence political outcomes.

One of the most persistent and far-reaching campaigns is Doppelganger, a Russian disinformation network that mimics legitimate news sources to spread propaganda.

Gavril Ducu

born by the KGB raised by the CIA mindreader digital ventriloquist #fella #WeAreNAFO Heavy Bonker Award 🏅⚡Every coffee helps #Edumacation and the @NAFOforum 👇

More from the Author

The Invisible War on Truth

First exposed in 2022 by Qurium and EU DisinfoLab, it continues to operate, using infrastructure inside the European Union.

Qurium report, “Doppelganger does not operate from a hidden data center in a Vladivostok fortress or a remote military bunker, but from newly created Russian providers operating inside the largest data centers in Europe.”

This report explores how Russia leverages EU-based companies to sustain a sprawling disinformation empire and what this means for democracy and digital security.

The Origins of Doppelganger – A Disinformation Network in Action

What is Doppelganger?

In September 2022, researchers at Qurium and EU DisinfoLab uncovered a sophisticated Russian influence operation, later named Doppelganger.

Unlike traditional covert networks, Doppelganger does not operate from hidden Russian facilities—instead, it relies on EU-based hosting services, domain registrars, and legal loopholes to remain active.

One of the most shocking aspects of Doppelganger is its connection to cybercrime.

Qurium researchers, “Doppelganger operates in close association with cybercriminal activities and affiliate advertisement networks. Disinformation is a sad example of a broken advertising industry.”

This suggests that the campaign is not only politically motivated but also financially intertwined with illicit activities.

Doppelganger's Objectives:

✔ Discredit Western institutions by publishing fake news mimicking trusted media outlets.
✔ Sow political division by amplifying false narratives on social media.
✔ Exploit European infrastructure to evade scrutiny and legal shutdowns.
✔ Collaborate with cybercriminal networks to fund and sustain operations.

How Doppelganger Works – The Four-Stage Disinformation Architecture (FIKED Model)

To deceive the public effectively, Doppelganger mimics legitimate journalism using a complex, multi-layered strategy known as FIKED:

Stage 1: Front Domains (F)

Fake domains advertised on social media (e.g., Twitter/X, Telegram).
Often include misleading URLs similar to real news sites.

Stage 2: Intermediary Domains (I)

Redirects users through a network of seemingly unrelated domains.
Masks the source of disinformation to avoid detection.

Stage 3: Keitaro Domains (KE)

Uses an advertisement tracker (Keitaro) to limit access to targeted users.
Ensures fake content reaches the intended demographic.

Stage 4: Doppelganger Domains (D)

The final stage: cloned versions of real news websites such as Le Monde, Der Spiegel, and The Washington Post—but filled with Russian propaganda.

A cybersecurity analyst involved in the research described this structure as “a Matryoshka-style redirection system where each layer disguises the previous one, making it nearly impossible to trace the original source.”

The European Footprint – How Russia Uses EU-Based Infrastructure

Doppelganger exploits EU laws and business structures to establish and sustain operations.

A report from EU DisinfoLab noted that “Doppelganger does not simply hijack European networks—it actively builds infrastructure within them.”

Key Players in the Supply Chain:

✔ Aeza International (UK & Russia) – A major bulletproof hosting provider enabling cybercriminal activity.
✔ Hostinger (Lithuania) – Used to register fake news domains.
✔ Combahton/Aurologic (Germany) – Provides network services allowing disinformation sites to stay online.
✔ Shell companies in the UK and Cyprus – Used to lease servers and manage domain registrations anonymously.

This strategic use of legitimate European infrastructure makes Doppelganger difficult to dismantle—and ensures its propaganda continues to reach Western audiences.

Cybercrime and Disinformation – The Dark Web Connection

The Doppelganger network does not operate in isolation—it is deeply entangled with cybercriminal enterprises.

Qurium’s investigation found that “during the last six months, we identified a dozen bulletproof hosting providers accepting cryptocurrency closely related to Aeza where Doppelganger operates in coexistence with other cybercriminal activities such as data exfiltration, phishing, or scam distribution.”

✔ Co-exists with malware operations – Doppelganger sites are often hosted on the same servers as ransomware and phishing scams.
✔ Fake geolocation tactics – Uses manipulated IP data to appear as though hosted in multiple countries.
✔ Crypto-based funding – Payments for domain hosting and bulletproof services often occur in untraceable cryptocurrency.

Targeting European Audiences – The Social Media Manipulation Strategy

Doppelganger uses advanced social media tactics to spread its fabricated news stories.

✔ Mimicking trusted media brands – Fake versions of Western news sites lend credibility to false stories.
✔ Manipulating Twitter/X algorithms – Bots and engagement farming boost visibility.
✔ Leveraging Telegram and dark web forums – Enables deeper infiltration into niche communities.
✔ Antibot4Navalny tracking – A citizen-led initiative that exposes Russian disinformation campaigns in real time.

The Bigger Picture – What This Means for Democracy and Information Security

Doppelganger is part of a larger Russian effort to destabilize Western democracies through disinformation.

Qurium report warns that “Doppelganger is not just another influence campaign—it is an evolving operation embedded in the digital ecosystem of Europe.”

✔ Russia is under geopolitical and economic pressure – Western sanctions have weakened its economy, and the war in Ukraine is depleting its resources.
✔ Controlling narratives is crucial – As Russia faces growing internal dissent, controlling the external information flow becomes more important.
✔ Undermining trust in Western institutions benefits Moscow – By spreading distrust, Russia weakens democratic cohesion and strengthens authoritarian influence.

Sources and Further Reading

For those interested in exploring these topics further, here are key sources and additional readings:

Qurium & EU DisinfoLab Report – How Russia Uses EU Companies for Propaganda (Full Report)
EU DisinfoLab – Ongoing research on Russian disinformation campaigns (Visit Site)
Reuters Digital News Report – Global media trends and disinformation threats (Read Here)
NATO STRATCOM COE – Studies on hybrid warfare and influence operations (Explore Research)

These sources provide valuable insights into Russia’s digital influence operations and the broader battle for information security.

Log in to comment

INFO: You are posting the message as a 'Guest'

Name

Message

Enter code

Are you a Fella? Write down the text from above!

NAFO Public Education Forum

The purpose of NAFO-PEF is to engage in identifying and analyzing disinformation, formulating defensive strategies, and crafting proactive measures to counter and minimize its impact.

To support our efforts, you can check out our merchandise available on Buy Me a Coffee and our Bonfire Store. Every purchase directly helps fund the forum’s activities and our ongoing fight against disinformation.

Contact Us