The Kremlin’s pursuit of winning its ‘special military operation’ knows no bounds, as Russia-linked group resorts to spamming Ukraine into submission

(Image credit: Shutterstock)

Recent research by ESET has uncovered several waves of psychological campaigns, known as Operation Texonto, that seek to demoralize and disrupt the Ukrainian population.

The email spam psyops spread doubt and distrust in the form of exaggerated claims of power, heating, and healthcare disruptions through the winter of 2023.

Interestingly, the server used to distribute the mass-spam campaign was later used again to distribute fake Canadian pharmacy emails advertising male-targeted pills for a “cheerful life.”

Nettle soup and pigeon risotto a la Kremlin

Several of the emails identified as part of Operation Texonto bear the identifying features such as the Ukrainian Trident, and are designed to look like official distributions from the various energy, healthcare and agricultural ministries.

In machine translations provided on ESET’s WeLiveSecurity blog, the first wave of psyop emails that arrived in November 2023 stated that energy shortages caused by Russia’s targeting of energy infrastructure meant that the temperature inside houses could be “several degrees below the permissible values.”

One fake email from the Ministry of Agriculture included a PDF detailing recipes for nettle soup and “pigeon risotto,” which was sent with the advice to combat food shortages by “eating fresh, juicy leaves of herbs in the form of salads.”

PDF of recipes distributed to Ukrainian civillians on how to make nettle soup and pigeon risotto

(Image credit: ESET Research)

In an astounding self-criticism, the fake Ministry of Health emailed Ukrainians to tell them that there would be severe drug shortages and delays as “Ukraine completely refused Russian and Belarusian pharmaceutical drugs companies.”

While it is important to recognize that these are machine translations and are not exact, the general content of the emails themselves are a common theme among Russian psychological and propaganda operations targeting Ukraine.

Operation Texonto

A summary of Operation Texonto (Image credit: ESET)

The second round of Operation Texonto occurred in December 2023, again targeting Ukranians, but extending its reach to the populations of European countries as well. The translation of one of the emails included a heartwarming New Year's message stating that, “only together we will be able to drive out the Satanists from the USA.”

A second email from the same campaign was apparently written to target soldiers or potential recruits, attempting to convince them to cut off one of their own limbs as “this means that you won't meet a Russian soldier in a trench,” with the email signing off with, “Remember that sometimes one is better than two!”

“The strange brew of espionage, information operations, and fake pharma messages can only remind us of Callisto, a well-known Russia-aligned cyberespionage group,” said the ESET researcher responsible for uncovering Operation Texonto, Matthieu Faou.

“While there are several high-level points of similarity between Operation Texonto and Callisto operations, we haven’t found any technical overlap, and we currently do not attribute Operation Texonto to a specific threat actor.

“However, given the TTPs, targeting, and the spread of messages, we attribute the operation with high confidence to a group that is Russia aligned.”

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.

He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.

Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.