IFTAS

2025-10-05 19:48:43

Coordinated Pro-Russian Propaganda Network Targeting ActivityPub and ATProto Services

Update October 14: Accounts are still being created, and unused accounts registered earlier are being activated.

Since 15 September, IFTAS has been tracking a coordinated network of over 300 accounts operating across Mastodon. These accounts are engaged in a high-volume propaganda campaign, promoting pro-Russian narratives and linking to Telegram channels associated with known state-aligned disinformation operations.

We became aware of a related investigation by the Antibot4Navalny research team that observed these accounts bridging to Bluesky, and we have since collaborated to enhance our investigations and share our findings. Their public post provides further context.

Antibot4Navalny’s observations identified additional impacted services we were unaware of, and highlighted that accounts were still being created. Furthermore, thanks to their specific expertise in this area, this helped clarify and confirm that what we were seeing was indeed the work of a coordinated campaign with an increased likelihood of it being a state-sponsored or state-approved campaign.

We have been contacting affected Mastodon administrators, and are now moving to a public advisory to inform the broader network.

The network includes accounts impersonating reputable news outlets such as BBC News, Euronews, and Meduza, designed to give credibility to Telegram propaganda links. We believe it may be connected to the “Pravda/Portal Kombat” pro-Russia propaganda network.

Accounts are hosted across numerous Mastodon instances and bridged into Bluesky, creating the appearance of independent sources. Activity on Bluesky helped reveal aggregate patterns, identical usernames, posting schedules, and content themes more clearly than across decentralised Mastodon services.

This campaign appears to mimic tactics observed in earlier influence operations, blending low-cost automation with impersonation and volume-based amplification.

We are sharing data with participants of the Social Web ISAC, and we issued a public advisory along with a list of observed usernames.

We are aware of accounts hosted on abandoned or unmanaged services, we may issue a Limit recommendation for those domains at a later date.

If you provide or can link to tools that may benefit administrators in identifying and/or managing these accounts, please let us know.

Further Reading:

• PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network
• PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (Part 2)
• “Pravda” Network: Worldwide Expansion and LLM, Wikipedia Pollution
• Russian propaganda may be flooding AI models

NEW REPORT: Russian propaganda may be flooding AI models

Click here to read the report. Click here to read the press release. Click here to access the database.

^{JP (The American Sunlight Project)}