A comprehensive investigation by Bulgarian cybersecurity firm BG Elves has uncovered a massive Russian influence campaign targeting Bulgaria and Romania, with expenditures reaching approximately 70 million euros.
The operation, which dates back to 2010, employed sophisticated methods to spread disinformation and manipulate public opinion across both countries. According to the report, funds were distributed through numerous small transactions, often not exceeding 5,000 euros, to avoid detection.
The investigation identified a key player in the scheme - a company called Adnow, which allegedly deployed targeted advertisements containing controversial content and misleading health claims. The system collected detailed user profiles, including location, gender, and behavioral data, to optimize its influence operations.
BG Elves discovered that the technical infrastructure supporting these activities relied on servers located in the Netherlands and Germany. The operation allegedly used malicious software, including Remote Access Trojans (RATs), to monitor personal communications and exploit user networks for spreading propaganda.
The cybersecurity experts found evidence linking the financial trails to various companies and individuals operating within Bulgaria and Romania. The findings have been shared with investigative journalists and relevant authorities in Romania, Ukraine, and the United Kingdom.
The report details how the operation expanded to include multiple services, such as bot farms and VPN networks, all reportedly designed to amplify Russian propaganda messaging. According to BG Elves, thousands of users may have been affected by the malware deployment, enabling widespread access to personal data that was allegedly transmitted to Russia.
The investigation continues as experts work to determine the full scope of this influence campaign, which represents one of the largest documented cases of foreign interference in the region.