Connect with us

Hi, what are you looking for?


Artificial Intelligence

US Disrupts AI-Powered Russian Bot Farm on X

The US and allies blame Russian state-sponsored threat actors for using Meliorator AI software to create a social media bot farm.

AI Bot Farm

Threat actors affiliated with RT (formerly Russia Today), a Russian government-backed media organization, have used artificial intelligence (AI) features of the Meliorator software to create fake online personas used to disseminate disinformation to and about the US, Germany, Israel, the Netherlands, Poland, Spain, and Ukraine, reads a joint advisory from the government agencies.

Meliorator was designed to create seemingly authentic social media personas en masse, post content like authentic users, mirror disinformation posted by other fake personas, perpetuate false narratives, and formulate messages.

The tool consists of an administrator panel named Brigadir, which serves as the primary end-user interface, and a seeding tool named Taras, a back-end used to control the fictitious personas.

Threat actors could use Meliorator to create bots based on specific parameters or archetypes and had access to automated scenarios or actions that could be completed on behalf of groups of bots.

According to the authoring agencies, RT had access to the AI-enabled bot farm generation and management software since 2022 and used it to disseminate disinformation in support of Russia’s interests.

As of June 2024, Meliorator was only compatible with X, where Russian threat actors used it to create 968 accounts to use as part of their influence operations.

On Tuesday, the US announced it seized two domain names that were used by private email servers the Russian threat actors relied on to register the fake social media accounts for the bot farm.

The bot farm, the affidavits filed in support of the seizure warrants show, was controlled by a Russian FSB officer, a Meliorator developer, and members of a private intelligence organization, “with the approval and financial support of the Presidential Administration of Russia (aka the Kremlin)”.

Advertisement. Scroll to continue reading.

The identified accounts have been suspended by X, but the government agencies call for other social media platforms to take note of the influence operation and “assist with identifying fictitious personas to reduce Russian malign foreign influence activity”.

Related: Google Disrupts More China-Linked Dragonbridge Influence Operations

Related: Why We Need to Get a Handle on AI

Related: Senators Urge $32 Billion in Emergency Spending on AI After Yearlong Review

Related: US Releases International Cyberspace Strategy

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights