The New York Times reported on the emergence of several fake news sites with Russian ties, such as D.C. Weekly and the Miami Chronicle, aimed at disseminating Kremlin propaganda within the U.S. These platforms intermix genuine content with false narratives to influence public discourse, especially ahead of significant political events like the American presidential election. The operation, believed to be linked to the late Yevgeny Prigozhin’s media empire, utilizes advanced digital tools for targeted disinformation, highlighting a technological evolution in Russia’s strategy to manipulate American public opinion.
Someone reached out to me and asked if I wanted to take a look and see what the sites were (reporting was scarce) and then expand the net to look for other sites by the same actors. I managed to do exactly that and long story short, the assessment I have carried out has a medium to high certainty that it is in fact an offshoot of the original IRA (Prigozhin’s) machine, but owned by another player; Alexander Sergeevich Frolov, someone cited in the Panama Papers and a player within the oligarchy arcology of Putin. Additionally, the minion that is running the show day to day, has been assessed as Mikhail Leonidovich Burchik, a known quantity who has been sanctioned by the US and is wanted in connection with the IRA machinations from 2016 on.
Sites:
After reading a bit on the Times piece, I was able to locate the “Miami Chronicle” an alleged paper in operation since 1937, according to their cutline on the masthead. The page is simplistic and has some interesting features;
So, these are low end sites and they don’t seem to have much in the way of SEO or social media synergy as yet. I looked for connections to any accounts on Twitter and other social media sites and nothing turned up. I did find one mention of the Miami Chronicle on X, but nothing of real merit. So, I then went back to the board so to speak, and started looking at a more technical level for any connections with the domains.
Spoiler… There are none.
The domains are all over the place and deliberately so, kinda like that quote by Hannibal Lecter in “Silence of the Lambs”
“Clarice, doesn’t this scattering of sites seem overdone to you?
Doesn’t it seem desperately random? – Like the elaborations of a bad liar?
Ta… Hannibal Lecter”
While they seemed to have been very careful with the tradecraft to not have the domains linked by actual hyperlinks or domains on the same services (and with all the privacy registrations now, it’s all kinda pointless to try to gather intel unless you have a warrant) there was a tradecraft failure that led me to the assessment of who is behind these sites.
Tradecraft Failure:
The tradecraft failure I am speaking of, was in the use of the WordPress generation on their coterie of sites. While it is fairly cookie cutter, they decided to mess with the contact pages email addresses that reside on all of the sites by adding the email address of [email protected] which is bogus. However, when using Google-Fu, I was able to see the collection of sites that were using that same odd email address. Within that group of sites that came up from the search however, was one domain and website that had that same bogus email address attached when Google scraped it. That site is allnw.ru
Now, when I went to the site that is up today, I noted that they had changed the address to a real one for this site. It began to click for me that whoever had this site, was the same group who had been generating these other disinformation sites, so I then started to look at this news site a bit more closely. I managed to get to the page where they claimed ownership and it all came together.
The Company:
TECHNOLOGIES. BUSINESS. MEDIA (ТЕХНОЛОГИИ. БИЗНЕС. МЕДИА)
The “ТЕХНОЛОГИИ. БИЗНЕС. МЕДИА” company, located in Saint Petersburg, has a profile indicating it’s a relatively new entity with a focus on online publication activities. Its founder, Mikhail Leonidovich Burchik, is under sanctions and associated with sanctioned entities, including the Internet Research Agency, known for its role in online propaganda and influence operations. Although the company’s address does not directly match known IRA addresses, its geographical location and associations suggest a proximity to known IRA operations.
The name of the person in charge is a red herring as far as I can tell. Not much turned up on trying to drill down on that, however, the company that owns this site and the media conglomerate that is ostensibly is under, that was key.
Technologies LLC Business Media, is a company owned by a certain Alexander Sergeevich Frolov.
Frolov, is a known quantity within the Putin circle and is, as I stated at the top, mentioned in the Panama Paper’s for hiding funds, ostensibly from his oil dealings. On top of this though, the clincher for me was listed below, the CEO of the company, is none other than MIKHAIL LEONIDOVICH BURCHIK, the very same player from the original IRA in St. Petersburg, he is not only CEO but full “owner” with 150K rubles in it according to the Russian registration site.
The company has a few employees and an address in St. Petersburg, Russia, not far from the original IRA building. Burchik became the founder in October 2023 and Frolov took over the general director roll in January 2024. So, as you can see, they have recently spun up this concern and I assume since it’s already being caught on to, they may re-think their strategy a bit.
I also assume that there are other sites and plans out there that have not been detected yet that the new IRA has begun to plan or spin up, but, I have yet to see anything else that I could grab on to to go down those rabbit holes.
I do have to wonder at the half assed attempt though looking at these sites. Was this just being spun up? Details on domains and looking at the sites being put online live in the Wayback Machine, seem to indicate that this campaign was new and nascent. Everything seems to have come online since the new year (February 26th for the Miami Chronicle site) but the effort put into these sites was so weak, it makes me think that they either thought this was only a start, or, that they really could just coast and hopefully get SEO and links to the sites in social media to get the traction they needed.
One site in particular, which was not ready for prime time, was sacralised.com, which is aimed directly at the 2024 election and was likely to be spun up when the race formally begins in the near future after the recent caucusing and such.
All in all, that this was caught on to so quickly might just be the key to how little effort they put into this one…
It’s gonna be wild…
~K
For a more formal report on this you can download the following assessment below.
Technical Analysis Report: