US Sanctions Russians Behind the “Doppelganger” Cyber Influence Campaign

Sanctions were imposed on Wednesday by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department on two 46-year-old Russian citizens and the companies they own for participating in cyber influence operations.

Both Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of the Russia-based Company Group Structura LLC (Structura), and Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based Social Design Agency (SDA), have been charged with supplying services to the Russian government in connection with a "foreign malign influence campaign."

The misinformation campaign is tracked by the broader cybersecurity community under the moniker Doppelganger and is known to use phony news websites and social media profiles to target audiences in the U.S. and Europe.

“SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of services, including the creation of websites designed to impersonate government organizations and legitimate media outlets in Europe,” the Treasury Department stated.

Gambashidze and Tupikin are both charged with masterminding an operation that began in the fall of 2022 and resulted in the creation of a network of more than 60 websites posing as authentic news outlets and false social media profiles to spread content from those spoof websites.

According to the department, the phony websites were designed to look just like their real-life counterparts. To further deceive users, the portals included functional links to real websites as well as embedded photographs. They even impersonated the cookie consent pages.

Additionally, a closer look at the two cryptocurrency wallets that OFAC has identified as being connected to Gambashidze shows that they have received over $200,000 in USDT on the TRON network, with a sizable portion coming from the now-approved exchange Garantex, Chainalysis said.

“He then cashed out most of his funds to a single deposit address at a mainstream exchange. These transactions highlight Garantex's continued involvement in the Russian government's illicit activities,” the blockchain analytics firm noted.

Doppelganger has been operating since at least February 2022, and Meta has characterized it as the “largest and the most aggressively persistent Russian-origin operation.”

In December 2023, Recorded Future disclosed plans by the malicious network to use generative artificial intelligence (AI) to produce scalable influence content and fabricate news stories.

As of July 2023, the Council of the European Union had imposed sanctions on SDA, Structura, and Gambashidze for their roles in the Recent Reliable News (RRN) digital information manipulation campaign, which aimed to spread propaganda endorsing Russia's war against Ukraine.

“This campaign [...] relies on fake web pages usurping the identity of national media outlets and government websites, as well as fake accounts on social media. This coordinated and targeted information manipulation is part of a broader hybrid campaign by Russia against the EU and the member states,” the Council said at the time.

The sanctions came as the Protecting Americans' Data from Foreign Foes Act, or H.R. 7520, was unanimously approved by the U.S. House of Representatives. The bill would prohibit data brokers from selling sensitive American information to foreign foes, including China, Russia, North Korea, and Iran.

It also comes one week after another bill, the Protecting Americans from Foreign Adversary Controlled Applications Act (H.R. 7521), was passed by Congress. This bill aims to prohibit Chinese company ByteDance from using the well-known video-sharing platform TikTok for six months, citing national security concerns.