The US District Court for the Eastern District of Pennsylvania has filed an affidavit under seal in support of a seizure warrant targeting 32 internet domains alleged to have been used by Russian actors for cybersquatting and malign influence campaigns.
Cybersquatting is the practice of registering domain names that intentionally exploit the goodwill of another party’s trademark or reputation. Such domains often impersonate legitimate organizations, misleading users and eroding trust in online information sources.
Targeting Russian influence operations
Disinformation campaigns seek to shape public opinion and interfere in domestic politics. The recent affidavit filed in federal court highlights how cybersquatting can serve as a vehicle for spreading disinformation and manipulating political discourse.
According to the affidavit, several Russian entities operating under directions from the Russian Presidential Administration used cybersquatted domains to distribute propaganda. These operations allegedly included impersonating credible news organizations to advance Russian strategic aims and to undermine support for Ukraine.
Key actors identified in the affidavit include:
- Sergei Vladilenovich Kiriyenko: A senior Russian official whose involvement suggests possible state-sponsored direction of influence efforts.
- Social Design Agency (SDA): An organization alleged to have played a role in creating and managing domains that imitated reputable news outlets.
- Structura National Technology: Another entity implicated in coordinating these activities.
The seizure warrant cites violations of U.S. money laundering and trademark laws. Investigators say funds supporting the domains were transferred from abroad in ways that indicate an effort to evade oversight and conceal the true origin of payments.
National security and electoral implications
Seizing these domains aims to disrupt the ability of Russian actors to amplify disinformation and interfere with U.S. political processes. It also reinforces the U.S. commitment to safeguarding electoral integrity.
Cybersquatting linked to foreign influence poses a tangible national security risk. By eroding confidence in legitimate news sources, such operations can distort public debate, polarize audiences, and potentially influence electoral outcomes.
NEW leak: Trump’s co-campaign managers Chris LaCivita and Susie Wiles warn staff in internal email to stop talking to the press less than an hour ago, with the threat of termination. There must be a hot story in the works… pic.twitter.com/Buob6psJ5z
— Tara Palmeri (@tarapalmeri) September 4, 2024
The investigation also found that the campaign amplified its messages using influencers and paid social media advertisements. Fake profiles and targeted ads allowed operators to obscure their identities and reach specific audiences while appearing organic.
Technical measures described in the affidavit—such as the use of Virtual Private Networks (VPNs) and virtual private servers (VPS)—further masked the campaign’s activities. The technical sophistication suggests a coordinated operation geared toward sustained covert influence efforts.
This case echoes a broader pattern of behavior attributed to Russian information operations, particularly around elections and geopolitical flashpoints. Intelligence and cybersecurity agencies in allied countries have previously warned of related tactics, including spear-phishing campaigns and covert online influence efforts.
The court action against the 32 cybersquatted domains demonstrates a proactive legal response to foreign malign influence. At the same time, other federal courts are pursuing separate cases that address related efforts to manipulate public opinion and democratic processes.
Parallel enforcement: other influence operations
In a related development, an indictment unsealed in the Southern District of New York charges two Russian nationals—Kostiantyn Kalashnikov, 31, and Elena Afanasyeva, 27—with conspiracy to violate the Foreign Agents Registration Act (FARA) and to commit money laundering.
Allegations in that case outline a covert operation that included the following elements:
- Covert RT operation: The indictment alleges that RT, a Russian state-controlled media outlet, orchestrated a roughly $10 million scheme to produce and distribute content directed at U.S. audiences that carried concealed messaging aligned with Russian government objectives.
- U.S.-based company: A Tennessee-based content company—reported by investigators to be Tenet Media—allegedly published English-language videos on platforms such as TikTok, Instagram, X, and YouTube on behalf of the operation.
- Scope of content: Between November 2023 and mid-2024, the company reportedly posted nearly 2,000 videos and amassed millions of views on YouTube, focusing on domestic topics like immigration and inflation to inflame divisions.
Prosecutors say Kalashnikov and Afanasyeva operated through false identities and shell companies while managing the campaign from Moscow. The U.S. company’s viewers were allegedly unaware that the content was funded and directed by a foreign state actor.
Officials describe the scheme as relying heavily on covert funding: between October 2023 and August 2024, RT is alleged to have wired about $9.7 million to the U.S. company—nearly 90% of that company’s deposits—through intermediaries in Turkey, the UAE, and Mauritius, often disguised as payments for goods.
Senior Justice Department and federal prosecutors emphasized that these charges reflect efforts to cloak foreign-directed messaging and that U.S. law enforcement will pursue those responsible for hiding the true sponsors of influence operations.
The indictment specifies that two of the people who work for this Tennessee company (Tenet) were “deceived” — meaning they didn’t know that the Russian government was running an influence op.
Dave Rubin has 2.4 million subscribers and Tim Pool has 1.37 million. pic.twitter.com/bdVEElmiDZ
— Aric Toler (@AricToler) September 4, 2024
As digital platforms evolve, so must the legal and technical strategies to protect democratic institutions from covert influence and disinformation. The enforcement actions in multiple federal courts demonstrate a multi-pronged approach to disrupting foreign malign activity during a critical election year.
“Today’s actions show that as long as foreign adversaries like Russia keep engaging in hostile influence campaigns, they are going to keep running into the FBI,” said FBI Director Christopher A. Wray, noting ongoing efforts to expose and disrupt covert foreign interference.
Officials reiterated that investigations remain active and that agencies will continue to pursue those who attempt to exploit free expression and open information networks to carry out covert influence operations.
Want to learn more about cybersecurity and cloud technologies from industry leaders? Attend the Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event features industry speakers and is co-located with related conferences covering blockchain, digital transformation, IoT, and AI and big data technologies.
Explore other upcoming enterprise technology events and webinars powered by TechForge.