Russia has spent €69mn to carry out a large-scale propaganda and interference campaign in Bulgaria and Romania, the BG Elves cybersecurity group revealed on December 12.

Elections to the Bulgarian parliament and Romania's parliament and presidency were held recently, with the latter scrapped amid investigations into financing for far-right, pro-Russian candidate Calin Georgescu's campaign. Suspicions of large-scale fraud in the Bulgarian general election have also been raised. 

The group wrote on Facebook it has documents proving that millions have been transferred from Novosibirsk to Bulgaria and Romania in a scheme involving thousands of people.

The funds were transferred in small transactions of up to €5,000 each, intended to spread Russian influence and promote far-right discourse in both Bulgaria and Romania.

“We have documents proving payments of thousands of small transactions of €5,000 each, with which a total of millions of euros were paid for spreading Russian propaganda and instilling far-right narratives! The reason for small transactions is that they are not noticed (if anyone wanted to notice them at all). We know who were intermediaries, bank accounts, guarantors and executors. Nearly two-thirds of the amounts remained in the intermediaries of the money paid by Russia,” BG Elves wrote on a Facebook post.

It added it has found out specific individuals and companies that were involved in a large-scale scheme for manipulation of society.

The group entered into contact with investigative journalists and entities from Romania, the UK and Ukraine, exchanging significant amount of information.

The scheme started no later than 2010, BG Elves says. It found a trace of that on the servers of the Adnow company that played a major role in spreading propaganda and advertising with controversial content. The ads which often promoted sensational and misleading health claims aiming to influence people through the use of complex algorithms and tracking tools.

BG Elves discovered that the systems used by Adnow have been collecting and profiling users based on the content they consume. The created profiles were very detailed and include information such as gender, location and even “brutality ratings”.

The used systems are a Russian development and over the years have been improved and rebranded many times, replacing some names with others. With the expansion of the network, in addition to changing the names, they have delegated separate functions to separate systems, with different names and companies behind them.

“So far, we have tracked dozens of Russian domains behind these systems, redirected to new, more legitimate ones. Although in many places the old Russian ones are still standing. They use rented server facilities in the Netherlands and Germany. All individual domains respond in an identical way to certain queries, that is, we are really talking about the same system that is presented with a different brand or simply hidden behind a different company,” BG Elves noted.

“Behind them lies something that we are still investigating, but we can say with certainty that this is a serious breach in the internal security of our country,” it added.

According to the group, the ultimate goal of the operation is to manipulate users into providing personal information through fake offers and rewards systems. The data is then sent to Russia, where it is used for even more targeted attacks.

For example, a mobile game company used this personal information to install malware on users’ devices to gain complete remote control. This allows the monitoring of users’ personal communications and exploit their contacts, providing the attackers with opportunity to manipulate and spread disinformation.

BG Elves estimated that Adnow, which generates millions of fingerprints per month, has infected thousands of users, securing access to a substantial part of the Bulgarian population.

The activities of Russia-funded entities have expanded to include a wide range of services, such as “bot farms” and “VPN networks” that support and distribute propaganda.