ESET Research has uncovered Operation Texonto [7], a cyber-psyops campaign targeting Ukrainian citizens with Russian propaganda themes [3].


Operation Texonto aimed to make citizens believe Russia was winning the war by distributing war-related schemes and disinformation via spam emails [3]. Spear-phishing attacks targeted a Ukrainian defense company in October 2023 and an EU agency in November and December 2023 using fake Microsoft login pages. The threat actor behind the campaign also utilized an email server for sending Canadian pharmacy spam, indicating potential ties to a Russian cybercrime community. Domain names associated with the campaign referenced topics like Alexei Navalny, suggesting a Russia-aligned group’s involvement. The campaign targeted Ukrainian government employees and energy companies initially [4], expanding to reach a broader audience, including Ukrainian speakers in other European countries [4]. The emails contained pro-Russian content and even suggested self-harm as a means to avoid military deployment. Operation Texonto combined elements of espionage, disinformation [1] [2] [3] [4] [5] [6] [7] [8], and fake pharmacy campaigns [4], exhibiting characteristics of PSYOPs during wartime [1]. Researchers suspect the campaign may extend to targeting Russian dissidents and supporters of the late opposition leader.


Operation Texonto highlights the need for increased cybersecurity measures to combat cyber-psyops campaigns. It is crucial for organizations and individuals to remain vigilant against such threats and to implement strong security protocols to protect sensitive information. The implications of Operation Texonto may extend to future attacks targeting Russian dissidents and supporters, emphasizing the importance of ongoing monitoring and response strategies in the face of evolving cyber threats.