7968972674?profile=RESIZE_400xArtem Lifshits is allegedly a part of Project Lakhta/IRA: the ongoing disinformation campaign targeting the upcoming US election.  Lifshits is facing US criminal charges to commit wire fraud as he was accessing cryptocurrency exchange accounts created using stolen US persons’ personal data.

 

Artem Lifshits Profile

Name:                           Artem Mikhaylovich Lifshits, Artem Lifshits, Artyom Lifshits.

Name in Russian:               Лифшиц Артем Михайлович, Артем Михайлович Лифшиц, Артем Лифшиц

Aliases:                         Artyom Tyomny, artemlv, artemous, mycryptodeals, sh0rtnam3, Артём Тёмный.

DOB:                             26 Dec 1992.

Passport:                       719032284.

Address:                        Primorsky Prospect 159, Saint Petersburg 197374, Russia.

Education:                     Saint Petersburg State University, Faculty of Economics.

Phone Number:              79110354982.

Cryptocurrency Add.:        XBT 12udabs2TkX7NXCSj6KpqXfakjE52ZPLhz;

XBT 1DT3tenf14cxz9WFNxmYrXFbB6TFiVWA9U;

ETH 0x901bb9583b24d97e995513c6778dc6888ab6870e;

LTC Leo3j36nn1JcsUQruytQhFUdCdCH5YHMR3;

DASH Xs3vzQmNvAxRa3Xo8XzQqUb3BMgb9EogF4.

Emails:                                  mycryptodeals@yandex.ru; artemlv@hotmail.com.

Social Networks:                vk.com/id5856430 “Artyom Tyomny”.

 

7968958301?profile=RESIZE_400x

Figure 1. Artem Lifshits (during his first years in college, approx. 3 years before the troll activity)

 

 

Details

A Russian national who is allegedly part of an ongoing disinformation campaign targeting the upcoming US election is facing a charge of conspiracy to commit wire fraud, according to the US Department of Justice (DOJ).[1]

Artem Mikhaylovich Lifshits, 27, of St. Petersburg, Russia, allegedly served as a manager for "Project Lakhta," a Russia-based effort to engage in political and electoral interference operations. Project Lakhta is also known as Yevgeniy Prigozhin’s Internet Research Agency (IRA), the “Russian troll farm,” that was first sanctioned by the US in 2018.  The project's goal is to disrupt the democratic process and increase public distrust of candidates and the political system, but prosecutors allege Lifshits and co-conspirators also committed aggravated identity theft and wire fraud in the process.[2]

Lifshits applied to work on Project Lakhta in July 2015.  By January 2017, he became a manager in the “Translator Department,” which engaged in social media campaigns (on YouTube, Facebook, Instagram, and Twitter) designed to stoke political division among Americans.  Some of the alleged conduct, including stealing identities to set up cryptocurrency accounts, dates to 2017.  But the criminal complaint said that the social media campaign has been active through this year.[3]

“Law enforcement have identified social media accounts used by Project Lakhta members since August 2019 up until the present to post about a wide range of topics, including, but not limited to, gun rights, LGBTQ issues, and the Black Lives Matter movement,” prosecutors reported.  They “are using sophisticated methods to obfuscate the origins of their social media activity, including the use of virtual private servers, software enabling anonymous communications, and single use or ‘burner’ email accounts,” the complaint indicated.

The group set up a fake nonprofit organization in Ghana called, “Eliminating Barriers for the Liberation of Africa” and then began efforts to reach Black Americans.  That group was shut down by Facebook in March 2020.  Lifshits stole identities to fund the misinformation campaigns and for personal gain.  Project Lakhta is believed to employ hundreds of people and has a multimillion-dollar annual budget.  US authorities say the operation was funded in part by criminal activity and by Russian oligarch Yevgeniy Prigozhin, an associate of Russian President Vladimir Putin who is known as “Putin’s chef.”  Red Sky Alliance analysts had previously identified Prigozhin in the 2016 election trolling project.[4] 

Red Sky Alliance discovered Lifshits aliases on VK, Russian social network, followed his family move from Moscow to St. Petersburg Russia, where he studied in St. Petersburg State University, Faculty of Economics, and was employed by IRA/Project Lakhta soon after graduation (See Lifshits Profile above).

Liftshits is believed to be living in Russia, so he likely will never face the charge in the US if ever convicted.  He could face a maximum penalty of 20 years in prison.  "Since 2014, Project Lakhta has sought to obscure its conduct by operating through a number of entities, including [Russia's] Internet Research Agency.”[5]  US intelligence agencies said the Internet Research Agency created social media content seeking to divide US voters and drive support for President Donald Trump's candidacy in 2016.

Lifshits allegedly played an important role in the conspiracy to use the stolen identities of US citizens to open fraudulent accounts at banks and cryptocurrency exchanges, according to US court documents unsealed on 17 September 2020.  The stolen money was used to fund Lakhta's operations and for Lifshits' personal financial gain.  "Lifshits allegedly conspired with other group members to obtain means of identification of US citizens, from which he opened fraudulent accounts at banking and cryptocurrency exchanges in the victims' names," the DOJ reported. 

Bitcoin addresses associated with Lifshits were used from March 2017 to April 2019, Ethereum address – from March 2018 to May 2018, Litecoin address – from January 2018 to February 2018, Dash address – in September 2018 (see Indicators below).

Lifshits and his co-conspirators used an online underground criminal forum to buy US citizen personal information such as images as information from their driver licenses. Later, this personal information was used to register accounts on cryptocurrency exchanges and other online services. As Lifshits was moving some funds to his personal cryptocurrency exchange accounts, it was discovered that IP addresses and user-agents used prove that he was also accessing accounts created with stolen US person information.

Lifshits’ Connections and Other Sanctions

7968963684?profile=RESIZE_710x

Figure 2. Artem Lifshits' top connections

 

Artem Lifshits and his father, Michael Lifshits, are co-owners of a company called Your Registrar (in Russian: ООО "Ваш Регистратор").[6]  His father also managed Rotec and The High-Tech Department at Renova Group that are owned by Viktor Vekselberg, another sanctioned Putin associate (Figure 2).[7]

 

The indictment alleges that Project Lakhta members traveled to the US to collect intelligence, establish a computer infrastructure, and build their influence campaign to reach millions of US citizens through social media.  Project Lakhta is also believed to have engaged in political and electoral interference operations targeting populations within the Russian Federation, nations in the European Union and Africa, as well as Ukraine. 

In 2018, 44 year old Elena Alekseevna Khusyaynova of St. Petersburg, Russia, allegedly the chief accountant for Project Lakhta, was charged with coordinating a four-year campaign to spread divisive themes aimed at disrupting the US political system.

In September 2020, Facebook reported the Russian-backed IRA is again using sham accounts and fake news sites to spread disinformation in advance of the November election.  Facebook said it removed 13 accounts and two pages from its platform in August that had links to the IRA. Twitter also removed several accounts from its platform.

In another move designed to bolster election security ahead of November, the Department of Treasury's Office of Foreign Assets Control on Thursday imposed sanctions on four Russia-linked individuals, including Lifshits, for attempting to influence the US electoral process. Three are suspected of controlling cryptocurrency accounts that help fund the IRA troll farm's work, according to the Treasury announcement.

7968965868?profile=RESIZE_710x

Figure 3. Andrii Derkach during his post-sanction press-conference

 

Also sanctioned by the same order was Andrii Derkach, a member of Ukraine's parliament who allegedly works as a Russian agent. Derkach is suspected of spreading disinformation about the 2020 election, including spreading false stories about Democratic nominee Joe Biden, according to US intelligence reports. On September 16th, 2020, Derkach reacted to the sanction by publishing additional financial documents and audiotapes allegedly documenting Bidens talks with former Ukrainian President (Figure 3).[8]  Current position of the Ukrainian government regarding the previous tapes published by Derkach is that they investigate it to figure out how the confidential negotiations of the Ukrainian president were possibly intercepted.[9]

On September 23d, 2020, additional sanctions were levied targeting partners and business interests of IRA’s Evgeniy Prigozhin, and on companies helping Russian Federal Security Service to procure sensitive maritime technologies.[10]  One of the previously voiced concerns was Russia’s potential to interfere with undersea Internet cables.

---

Serial: IR-20-268-001

Report Date: 09232020

Country: RU, US, UA

Industry: Government, Media, Social Media

---

Red Sky Alliance has been tracking Russian interference for the past 5 years.  We are a Cyber   Threat   Analysis   and   Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.  

Red Sky Alliance can help protect with attacks such as these.  We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.

https://www.wapacklabs.com/redxray

Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

 

 

[1] https://www.justice.gov/opa/pr/russian-project-lakhta-member-charged-wire-fraud-conspiracy

[2] https://www.justice.gov/opa/press-release/file/1315491/download

[3] www.bankinfosecurity.com/doj-says-russian-went-beyond-election-disinformation-a-14984

[4] “Russian Troll Handlers” report available to paying Red Sky alliance members redskyalliance.slack.com/files/U72S14YC9/F8829RCJV/ir-091-2017_ru_troll_handlers.pdf

[5] https://www.justice.gov/opa/press-release/file/1315491/download

[6] zachestnyibiznes[.]ru/company/ul/1187847101771_7811689095_OOO-VASh-REGISTRATOR [in Russian]

[7] foreignpolicy[.]com[.]ua/polityka-i-suspilstvo/kto-popal-pod-poslednye-sanktsyy-ssha-krome-derkacha/ [article in Russian]

and www[.]raexpert[.]ru/database/person/lifshic_mihail_valerevich [article in Russian]

 

[8] gordonua[.]com/news/politics/tramp-pes-begushchiy-za-mashinoy-derkach-obnarodoval-novye-zapisi-razgovora-yakoby-poroshenko-i-baydena-1518654.html [article in Russian]

and www.youtube.com/watch?v=1OLgHJmON80 [in Russian]

[9] gordonua[.]com/news/politics/zapisi-razgovora-baydena-i-poroshenko-zelenskiy-zayavil-chto-ego-interesuet-tolko-to-kak-mozhno-bylo-proslushivat-prezidenta-1502327.html [article in Russian]

[10] https://home.treasury.gov/news/press-releases/sm1133

and https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20200923_33

 

 

PDF version: IR-20-268-001_Russia_Lifshits_FINAL.pdf

Indicators: IR-20-268-001_Russia_Lifshits.csv

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance