Doppelgänger
Doppelgänger is a pro-Russian, Russia-aligned information operation and disinformation network, publicly referred to as “Doppelganger” or “Doppelgänger” and also referenced as “RRN.” Multiple cited sources describe it as operating since at least 2022 and attribute it to Russian actors; U.S. court filings further state that it operated under the direction and control of the Russian Presidential Administration, particularly Sergei Kiriyenko, with Russian entities including Social Design Agency (SDA), Structura National Technology, and ANO Dialog involved. Sanctions and public reporting also link SDA and associated operators to the campaign.
The operation is designed to reduce international support for Ukraine, bolster pro-Russian policies, and influence voters in U.S. and foreign elections. Reported targeting includes audiences in Germany, France, Poland, the United States, and Israel, as well as broader European audiences. It has also pushed narratives around the 2024 Paris Olympics, German elections, and Polish airspace incidents, while promoting anti-Ukraine, anti-Western, anti-government, and anti-NATO themes.
A defining characteristic of Doppelgänger is large-scale impersonation of legitimate media outlets and of government or independent media brands. Reported examples include spoofed or lookalike domains imitating outlets such as The Washington Post, Fox News, Reuters, Der Spiegel, Bild, T-Online, Le Monde, Welt, and FAZ, alongside fabricated “independent” news brands. Researchers also describe cloned websites and fake news sites used to infiltrate Europe’s media landscape.
Distribution and amplification rely on coordinated inauthentic social media accounts across multiple platforms, including large networks of X accounts. These accounts have been observed posting multilingual content, posing as citizens of targeted countries, and coordinating reposting and engagement to amplify narratives. Reporting also states that the campaign used fake social media personas, paid advertisements, influencers, and AI-generated content.
Technically, researchers describe a resilient, scalable infrastructure built around multi-stage redirection chains and traffic tracking. Observed tradecraft includes first-stage and second-stage redirector domains, telegra.ph-hosted preview images, Base64-obfuscated JavaScript, rotating domains, Cloudflare fronting, geofencing, and Keitaro-based tracking infrastructure used to monitor campaign effectiveness. Reports characterize the operation as industrialized and focused on infrastructure resilience, scalability, and operational continuity.
Known aliases and related references named in the reporting include Doppelgänger and RRN. Entities and operators linked to the operation in the reporting include Social Design Agency (SDA), Structura National Technology, ANO Dialog, Sergei Kiriyenko, Ilya Gambashidze, Nikolai Tupikin, and Vladimir Tabak.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Media & Entertainment
Where they target
Geographies tied to known operations.
- 🇫🇷 France
Where they're from
Attributed origin per open-source reporting.
- RU
Tradecraft
9 distinct techniques observed across reporting, grouped by tactic.
Observables
171 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.
Recent activity
20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Coordinated Russian influence operation characterized by resilient/scalable infrastructure and systematic media brand impersonation, with geographic micro-targeting across EU member states and the U.S.
Russian disinformation/influence operation leveraging a large domain infrastructure to run coordinated propaganda sites.
Russian disinformation / influence operation focused on infrastructure and information operations rather than malware-centric intrusions (as described here).
Russia-linked influence operation targeting European domestic audiences by impersonating media outlets and pushing Kremlin-aligned narratives (notably anti-Ukraine themes and denigration of pro-European figures).