A hacking group has claimed that the US government is currently operating more than a dozen secret biological labs in Ukraine and is likely responsible for a series of disease outbreaks in the country – bold claims later repeated, without criticism, by Russian state media.

The hackers – despite the assertions of media outlet Tass to the contrary – are widely believed to be linked to the Russian government. It is perhaps one of the most blatant examples of the Kremlin's propaganda machine in action – a toxic blend of hacking, misinformation and spin.

Why the Russian state 'weaponised' stolen medical records of famous footballers Read more

On 25 August, Tass released an article with the claim that "Ukrainian hacker group" CyberBerkut had evidence that "a network of biological labs is running covert experiments in Ukraine under US control".

The CyberBerkut analysis was both anti-America and anti-Ukraine at the same time.

For pro-Russia outlets like Tass and Sputnik, it may as well have been presented with a bow on top.

The report, titled "Ukraine is a Field for Pentagon's Biological Tests", said that since 2009 the US government had "sponsored" at least 15 biological facilities in Ukraine and that local staff working there didn't have full access to the main storage units containing viruses and bacteria.

It claimed to have uncovered a conspiracy involving the US Defense Intelligence Agency (DIA) after hacking the personal email inbox of Eliot J. Pearlman, a former US Army medical officer who founded the International HIV/AIDS Institute, a Kiev-based NGO.

"The epidemics of rare diseases that have shaken Ukraine in recent years may be caused by leaks from these laboratories," the hackers wrote.

"However, this option seems very improbable given the American specialists' high level of skills. Most likely, these infections were dispersed intentionally and were part of the testing of combat viruses modifications for the purpose of their testing and improvement."

CyberBerkut concluded that Ukraine was ignoring international weapons conventions.

"With [US] assistance the Ukrainian authorities are turning the country into a testing ground for lethal weapons, endangering the survival of the entire nation," it wrote.

Tass played along, echoing that Ukraine had suffered "several outbreaks of measles" in recent years. It referenced an "unknown intestinal infection" that hit the Ukrainian city of Izmail in 2016. But that, according to the US embassy in Ukraine, was caused by a contaminated water supply.

The Tass report ended there – neglecting to question the motives of CyberBerkut or the identities of the hackers behind such a wide-ranging operation.

Luckily, the unit has already been well-documented by security experts.

What is CyberBerkut ?



"The group has aligned itself as pro-Russian, anti-Ukrainian, and most recently attacked Western intervention efforts in the Ukrainian conflict," explained Recorded Future.

"While the group has taken Ukrainian identities, technical links [...] connect the group to Russia."

And ThreatConnect, another cybersecurity company that has experience in dealing with Kremlin-linked propaganda operations, profiled the group last year.

"They borrow the 'Berkut' name from the now disbanded Ukrainian riot police," it noted, adding: "CyberBerkut runs a digitally-fuelled, aggressive, active measures campaign directed against a pro-western government in Kiev and points of western influence in eastern Europe."

Furthermore, the most recent actions of CyberBerkut appear to perfectly align with the US government's analysis of how it works and why it exists.

One in-depth report from the US Defense Intelligence Agency, which is a fork of the intelligence community, described it as "a front organisation for Russian state-sponsored cyber activity, supporting Russia's military operations and strategic objectives in Ukraine".

That same report, published earlier this year, said that its aim has always been to "demoralise, embarrass, and create distrust" with the use of "a range of both technical and propaganda attacks, consistent with the Russian concept of information confrontation."

In terms of profiling, that's fairly accurate.

The US government has clashed with Kremlin-linked hacking groups over the years, most recently in the cyberattacks against the US 2016 presidential election.

Following that, a declassified intelligence report (6 January) was published – the work of the FBI, CIA and NSA, which specifically referenced how the agenda of the Russian government, state-sponsored hackers and primary media outlets like Tass and RT often perfectly align.

"Moscow's influence campaign followed a Russian messaging strategy that blends covert intelligence operations [...] with overt efforts by Russian government agencies, state-funded media, third-party intermediaries, and paid social media users," the analysis read.

Russia has previously been accused of using chemical weapons in Ukraine. And in April 2017, as reported by the New York Times, the White House slammed Russia for using "false narratives" to support a "cover-up" of the Syrian government's use of sarin gas on its own citizens.

At the time of writing, only Russian state media had covered the hackers' claims.

