THREAD: Here are some notable takeaways from the US gov’s actions today against groups and individuals associated with Russian disinformation efforts around the 2020 US presidential election, and how they used cryptocurrency.
Today, OFAC sanctioned several groups and individuals involved in the Russian government's efforts to influence the 2020 U.S. presidential election, including a crypto-friendly synthetic identity document provider. Here's everything you need to know. blog.chainalysis.com/reports…
In total, three of the groups and one of the individuals added to the OFAC SDN list today have cryptocurrency addresses that were included in their SDN entries. bit.ly/2Qn7bpT
The first is SouthFront, an online disinformation site registered in Russia that takes orders from the Federal Security Service (FSB), a Russian intel service. SouthFront controls 3 crypto addresses that have received >$12K worth of funds since 2018. bit.ly/2Qn7bpT
Second is the Association for Free Research and International Cooperation (AFRIC), a front for Russian financier Yevgeniy Prigozhin's influence operations in Africa. bit.ly/2Qn7bpT
Prigozhin was already sanctioned for previous disinformation efforts. AFRIC controls two crypto addresses that have not yet been active. bit.ly/2Qn7bpT
Third is Secondeye Solution (SES), a Pakistan-based synthetic ID document vendor that helps users get accounts at crypto exchanges and other MSBs w/ fake IDs. SES assisted Russian disinfo purveyors, providing fake ID documents to help them evade sanctions. bit.ly/2Qn7bpT
SES accepted payments in cryptocurrency, controlling 19 addresses that together have received over $2.6M worth of crypto since 2013. bit.ly/2Qn7bpT
Last was an individual: Mujtaba Ali Raza, the owner and operator of SES. He controls four crypto addresses that have received over $14K worth of funds since 2017. bit.ly/2Qn7bpT
SES provided fake ID documents in digital form for the sole purpose of fooling remote KYC processes employed by crypto exchanges, fintech platforms, and some banks. Its website lists several different types of available ID documents. bit.ly/2Qn7bpT

8:42 PM · Apr 15, 2021

Blockchain analysis shows SES transacted with several popular exchanges. Many addresses it used to receive payment were also hosted at large exchanges. One of those addresses is still active and has received >$1.3M in crypto to date. bit.ly/2Qn7bpT
SES was sanctioned for selling fake ID documents to threat actors associated with Russia’s Internet Research Agency, a “troll farm” that pushes online disinfo for the Russian government, and is known for having interfered in the 2016 U.S. election. bit.ly/2Qn7bpT
A Treasury Department press release on these actions also confirmed that the FSB works with cybercrime syndicate Evil Corp, known for ransomware strains like WastedLocker and Doppelpaymer. home.treasury.gov/news/press…
That press release also officially attributed the recent SolarWinds breach, which compromised several U.S. government and private sector networks, to the SVR, another Russian agency. home.treasury.gov/news/press…
Overall, today’s actions are a huge success for the US gov, but underline the risks to the crypto ecosystem brought about by nation state threat actors and synthetic ID document vendors like SES. Read our full blog for more information. bit.ly/2Qn7bpT