A Russian influence operation hijacked hundreds of Bluesky accounts — including those of prominent Americans — to spread pro-Kremlin propaganda, researchers said, marking a striking shift from fake personas to the weaponisation of authentic online identities.
Researchers at Clemson University linked the campaign to the Moscow-based firm Social Design Agency (SDA), saying the operation targeted journalists, academics and filmmakers on the social media platform. Many of the compromised accounts were used to amplify anti-Ukraine narratives, underscoring how pro-Kremlin actors are experimenting with new tactics to erode international backing for Ukraine following Russia’s 2022 invasion.
“Looks like someone got into my account and posted some story about France and Ukraine,” Alex Ward wrote on Bluesky after his account was breached. The post was later deleted, and Ward said he had regained control of the account.
A database tracking Russian influence operations — shared with AFP by a Clemson University researcher — listed at least one other Wall Street Journal reporter among the compromised accounts. “Bluesky account got compromised and banned and then I got the account back somehow,” Jake Tucker wrote on the platform.
Other affected users included filmmaker Mary Beth McAndrews and academic Ben Gilbert. “We have certainly seen bad actors use hacked accounts and stolen accounts in the past. Frequently, in fact. This seems more targeted,” Clemson University researcher Darren Linvill told AFP.
“I’ve personally never seen Russia use hacked accounts at this scale before.” It remains unclear how many accounts were compromised, with Bluesky removing many propaganda posts or suspending affected accounts until users could reclaim them.
Linvill said he had personally tracked “at least a couple of hundred accounts the Russians hacked,” though he estimated the true figure was likely much higher. Bluesky said it removed 4,907 accounts linked to “state-backed influence activity” this year — roughly twice the number seen over the same period last year.
“Compromising real accounts to spread propaganda is a tactic these actors have used elsewhere for years, but this is the first time we’ve seen them attempt it on Bluesky,” the platform’s safety team said in a statement. “The accounts accessed were mostly older and dormant, though some active accounts were affected too.”
The company added that its own systems had not been breached and suggested the attackers likely gained access through credentials exposed in earlier data leaks. Clemson University attributed the operation to a Kremlin-linked influence campaign known as Matryoshka — named after the Russian nesting doll — which researchers say has long relied on impersonation tactics.
“It has stolen the logos of media outlets, government agencies, and private companies and used AI to clone the voices of celebrities, policemen, academics, journalists, and others,” Joseph Bodnar told AFP.
“Hacking into accounts to post content using someone else’s identity is a logical next step for an operation that appears to have a lot of resources and no ethical constraints,” he added. The SDA has been sanctioned by the United States, the European Union and the United Kingdom over alleged information warfare campaigns.
“The SDA has been tasked and funded by the Kremlin to deliver a series of interference operations designed to undermine democracy and weaken support for Ukraine,” Britain’s Foreign Office said earlier this month. The statement accompanied fresh British sanctions against 49 people linked to the SDA, including writers, translators and video producers accused of creating deceptive Kremlin propaganda.
Despite the sophistication of the operation, researchers said its direct reach on Bluesky appeared limited. The platform’s safety team said the propaganda posts averaged around 50 views before being removed.
“Sophistication isn’t impact,” Bodnar said.
“Matryoshka’s impact is driven more by public perception than by its ability to persuade audiences online. It’s a perception hack.”
Comments are closed.