Revealed: Estonia targeted by Russia-linked disinformation deluge

The people of Estonia are being targeted by a Russia-linked covert influence operation attempting to undermine the Baltic state’s government and, in particular, its relationship with the European Union (EU), while exploiting the European refugee crisis.

This is according to intelligence uncovered by Recorded Future’s Insikt Group, which has dubbed the campaign against Estonia – which is one of the most advanced digital economies in Europe – Operation Pinball.

The campaign bears many of the same hallmarks as an alleged Russia-based operation called Secondary Infektion, which unfolded over the course of 2019 targeting the West, including against the NHS in the UK.

“Recorded Future found that this activity shared significant overlap with previously reported tactics, techniques, and procedures (TTPs) used in Secondary Infektion campaigns, namely the use of self-publisher blogs with single-use personas, Reddit promotion, and multilingual obfuscation,” said the group in a disclosure report.

Some of the TTPs observed by the Insikt Group’s researchers included use of forged letters and email correspondence; targeting of geopolitical incidents in the former USSR; errors in language that are characteristic of native-Russian speakers; and seeding and promotion by one-off burner accounts on Reddit and other self-publisher websites and blogs.

Recorded Future said it assessed “with high confidence” that the activity targeting Estonia was a coordinated and deliberate attempt to undermine Tallinn’s relationship with Brussels, degrade the confidence of Estonians in their government, sow strife and discord among Estonian officials, and sour public opinion against migrant refugees entering Europe.

One example of the disinformation spread by Operation Pinball was posted in December 2019 on Homment.com, a German self-publishing platform under the headline “Neue Flüchtlinskrise: Europa ist nicht dazu bereit” (New refugee crisis: Europe is not ready for it).

The article blamed the US and Europe for wars in the Middle East and Africa prompting the Mediterranean refugee crisis that has unfolded over the past few years, claimed that refugees were overwhelming other European countries, and blasted the Estonian government for welcoming the EU’s migration quotas in spite of local opposition.

It included a letter to Dimitris Avramopoulos, the European commissioner for Migration, Home Affairs and Citizenship, from Taavi Aas, Estonia’s minister of economic affairs and infrastructure, backing up this line.

The Insikt Group said that linguistic analysis of the letter strongly suggested it was a fake, written by a native Russian speaker using grammatically incorrect English constructions.

Two key indicators in this analysis centres on how the genitive case denoting ownership is translated from Russian to English, and confusion between the definite and indefinite articles – Russian does not have a definite or indefinite article (the/a/an) or the verb ‘to be’ in the present tense, so many English-speaking Russians are inclined to use the words ‘the’ and ‘a’ incorrectly, or even omit them.

There is also the fact that the real Taavi Aas speaks fluent English.

A second instance of the campaign targeting Georgia – long in Moscow’s sights for rejecting Russia’s influence – seemed to be an attempt to disrupt and undermine the growing relationship between Georgia and Nato; create uncertainty around Georgia’s economy and energy independence; sow the narrative that the Georgian government is selling out its people; and promote support and recognition of the independence of the breakaway regions of Abkhazia and South Ossetia.