The Russian disinformation network named Doppelgänger, along with cybercriminals, utilizes infrastructure in Europe to spread fake news.
According to Record, researchers from non-profit organizations Qurium and EU DisinfoLab, who first exposed Doppelgänger in 2022, state that the group operates in at least 10 European countries, including Germany, the United Kingdom, and the Czech Republic.
Researchers claim that European companies, knowingly or unknowingly, provide their services for disinformation operations that impact their own countries.
Doppelgänger is known for distributing fake articles on websites designed to mimic real media outlets such as the German Der Spiegel and the British The Guardian.
The network aims to promote Kremlin interests and deepen divisions among its adversaries, including the US and Western Europe.
According to researchers, Doppelgänger has registered dozens of legal entities in the UK, often under the names of young Russians, to build propaganda campaigns and conceal its likely Russian origin.
One such company, TNSecurity, with a virtual office in London, hosts hundreds of malicious web domains, as detailed in the report. It also provides services to cybercriminals who purchase stolen credit cards or bank accounts. According to a previous report, TNSecurity may have been compromised or willingly cooperated with cybercriminals.
At the core of Doppelgänger's European and Russian activities is the company Aeza—a hosting provider from St. Petersburg. Aeza allows suspected criminals to operate on their own servers and typically finds clients in the darknet, according to researchers.
For instance, the company likely provides services to operators of malicious software infrastructures known as Lumma and Meduza.
Researchers describe Doppelgänger's technical infrastructure as "extensive," comprising over 300 network prefixes and 100,000 IP addresses with a market value of 5 million euros or a rental cost of approximately €50,000 per month.