Moldova Faces Sophisticated Russian Disinformation Campaign Ahead of 2025 Elections
Chisinau, Moldova – As Moldova gears up for parliamentary elections in September 2025, the country finds itself grappling with a sophisticated Russian-backed disinformation campaign aimed at destabilizing its pro-European government. Cybersecurity researchers at Silent Push have uncovered a network of websites disseminating biased and inflammatory content designed to erode public trust and sway voters back towards Moscow’s influence. This operation, identified as a continuation of the 2022 “Absatz” campaign, leverages advanced technical tactics to evade detection and maximize its impact.
The disinformation campaign, first detected in April 2025, utilizes a network of newly registered websites publishing articles in Romanian and Russian. These websites, employing identical templates and shared infrastructure, echo narratives previously seen in Russian propaganda efforts. The articles feature inflammatory headlines and commentary targeting the ruling coalition, accusing them of corruption and mismanagement, while promoting pro-Russian narratives and a return to closer ties with the Kremlin. Silent Push researchers utilized open-source intelligence and network traffic analysis to identify the campaign, tracing the domains to IP addresses previously linked to the 2022 Absatz disinformation operation. This connection strongly suggests a coordinated and persistent effort by Russian actors to manipulate public opinion in Moldova.
The technical sophistication of the campaign is evident in the methods employed to create, distribute, and amplify the disinformation. The websites utilize a specific PHP module for content generation and URL parsing, a code snippet reused from the 2022 Absatz campaign. This “digital fingerprint” allowed researchers to definitively link the two campaigns and trace the evolution of the malicious codebase. Further analysis revealed advanced evasion tactics, including the use of rotating content delivery networks (CDNs) and proxy servers to mask the origin of the content and complicate takedown efforts. DNS records with extremely short Time-To-Live (TTL) values further hinder detection, forcing security teams to constantly update their systems.
The campaign operators also demonstrate a high degree of adaptability and resilience. When researchers successfully blocked access to one malicious domain, the website automatically redirected visitors to an alternate domain using a stealthy JavaScript loader. This loader fetched an obfuscated payload from a third-party CDN, effectively recreating the disinformation content on the user’s browser without directly accessing the blocked domain. This dual-stage loading mechanism allows the campaign to bypass domain blacklisting efforts and maintain its online presence. The campaign’s command-and-control infrastructure relies on TLS-encrypted channels using non-standard ports, the same ports observed in the 2022 Absatz campaign, further reinforcing the connection between the two operations.
Social media platforms are also exploited for amplification. Bot accounts mimicking genuine users spread the disinformation, strategically mixing political content with neutral topics to avoid detection. This tactic makes identifying and removing these accounts more challenging. The campaign illustrates the increasing sophistication of disinformation operations, leveraging technical expertise to evade detection and manipulate public opinion. By blending technical prowess with carefully crafted narratives, the campaign seeks to sow discord and undermine confidence in Moldova’s democratic institutions.
The timing of the campaign, coinciding with the upcoming parliamentary elections, is no coincidence. The aim is clearly to influence the outcome of the elections and push Moldova away from its pro-European trajectory. This highlights the vulnerability of democratic processes to foreign interference, particularly through sophisticated disinformation campaigns. The discovery of this campaign underscores the urgent need for increased vigilance and collaboration between cybersecurity researchers, governments, and social media platforms to combat disinformation and protect the integrity of democratic elections. Silent Push continues to monitor and analyze the evolving infrastructure of the disinformation network and is providing telemetry data to its clients to enable proactive defense measures. The escalating information war highlights the crucial role of media literacy and critical thinking in navigating the complex digital landscape. As Moldova approaches the polls, the ability of citizens to identify and resist disinformation will be crucial in safeguarding the country’s democratic future.
