Secondary Infektion Cover

Exposing Secondary Infektion

Forgeries, interference, and attacks on Kremlin critics across six years and 300 sites and platforms.

Secondary Infektion is a series of operations run by a large-scale, persistent threat actor from Russia that worked in parallel to the Internet Research Agency and the GRU but was systematically different in its approach. 

The campaign used fake accounts and forged documents to sow conflict between Western countries and most often targeted Ukraine. It produced at least 2,500 pieces of content in seven languages across over 300 platforms from 2014 into 2020.  

By Ben Nimmo, Camille François, C. Shawn Eib, Lea Ronzaud, Rodrigo Ferreira, Chris Hernon, and Tim Kostelancik.

View Report Here


The complete Secondary Infektion report is available for download in PDF format at the link below. 

Download PDF


More than any other operator we have seen, Secondary Infektion relied heavily on using forgeries in its campaigns. The Carousel of Forgeries is a selection of these forged documents, in multiple languages, across the years.

Explore Examples