Disinformation Campaign

Bart Lenaerts-Bergmans - March 19, 2024

What is a disinformation campaign?

Disinformation campaigns — deliberate efforts to spread false information — have become a significant cybersecurity threat in this digital age. But fundamentally, they’re not new. Historically, disinformation stretches back for centuries, especially as a tool in warfare and politics. What we’re presently seeing is a transformation of disinformation campaigns fueled by advancements in technology and the rise of social media.

In this post, we’ll explore the mechanics of disinformation campaigns. We’ll look at the tools used to execute them and what cybersecurity professionals should do to identify and counter them.

Let’s start with a primer on the mechanics of disinformation campaigns.

2023 Threat Hunting Report

In the 2023 Threat Hunting Report, CrowdStrike’s Counter Adversary Operations team exposes the latest adversary tradecraft and provides knowledge and insights to help stop breaches. 

Download Now

The mechanics of disinformation campaigns

The techniques used in disinformation campaigns vary based on specific contexts or goals. However, certain commonalities in strategy exist, and they include:

  • Creating false narratives: Crafting and spreading stories that are grossly distorted or even entirely false.
  • Emotional manipulation: Leveraging content that triggers strong emotions — like fear or anger — to increase engagement and dissemination.
  • Exploiting divisions: Sowing discord and confusion by intensifying existing societal or political divisions.

Targets and victims

Disinformation campaigns often take aim at governments, seeking to undermine confidence in public institutions to influence policy making. They also target corporations by attempting to tarnish business reputations and erode consumer trust. Of course, disinformation campaigns may also target individuals, aiming to influence personal beliefs and behaviors with misleading information.

The use of misinformation can substantially sway public opinion, influencing democracy or public policy. This is a real threat in the context of elections, where disinformation can manipulate voter perceptions. Beyond politics, disinformation campaigns can also pose risks to public health and safety, especially when they spread false information about health crises.

Role of social media and technology

Social media and technology have played a pivotal role in the spread of disinformation. Because social media platforms can reach vast audiences, they can also be exploited to amplify false narratives. Perpetrators of disinformation take advantage of social media platform algorithms that target content for specific groups, thereby making their spread of disinformation more efficient.

In addition, the anonymity of the internet has led to the prolific use of bots and fake accounts, creating a false sense of consensus or popular opposition.

Tools used in disinformation campaigns

Just like most tools used in cyberattacks, the tools used in disinformation campaigns are advanced and sophisticated. Understanding these tools is crucial for recognizing and countering disinformation.

Bots, automation, and AI

Bots are automated programs that can rapidly spread disinformation across platforms, operating simultaneously while numbering in the thousands (or more). This creates an illusion of widespread support or opposition that can influence public opinion more effectively than human-operated accounts.

The recent rise and accessibility of generative AI has led to the propagation of malicious content. AI can be used to generate convincing fake content, including deepfakes — synthetic media where a person in an existing image or video is replaced with someone else’s likeness. Disinformation campaigns use this technique to deceive unsuspecting media consumers into believing that someone of influence (such as a celebrity or public figure) has made a certain claim or participated in a certain act.

Micro-targeting and geofencing

Micro-targeting involves delivering tailored messages to a specific audience. This technique is often coupled with data analytics to determine which targets would be most susceptible. Another technique, geofencing, uses geography to establish a virtual boundary. Then, a disinformation campaign may be concentrated within those boundaries, maximizing its impact on the targeted community.

Now that we have explored the tools and tactics of disinformation campaigns, let’s explore defensive measures that can be taken in response.

Defensive measures against disinformation

In the fight against disinformation, enterprises must combine technological solutions with human vigilance and collaboration.

Technological solutions

One line of defense against disinformation involves using artificial intelligence and machine learning, technologies that are adept at identifying and filtering out false information by analyzing patterns and flagging anomalies. As part of the effort to discern AI-generated content and add verifiable trust to content, a growing field in cybersecurity is content authentication. Content authentication centers around verifying the authenticity of digital content. It includes techniques like watermarking and attaching provenance information to media content.

Human behavior and media literacy

Equally important in the fight against disinformation is the need to enhance media literacy. Critical areas of education include:

  • The nature of disinformation
  • How to identify false information
  • How to develop skills in critical thinking
  • How to share content responsibly
  • How to verify information before sharing

Fostering a more informed and skeptical user base will create a more resilient digital community.

Collaboration between sectors

Finally, combatting disinformation depends on robust public-private partnerships — collaboration between governments, technology companies, and civil organizations. International cooperation — leading to the sharing of best practices, resources, and intelligence — is also vital.

With these defensive measures in place, technology professionals can play a pivotal role in countering disinformation. This leads us to the best practices that these professionals should adopt in the fight against disinformation.

Demo: Falcon Counter Adversary Operations

Watch how CrowdStrike Counter Adversary Operations unifies our industry-leading threat intelligence and hunting teams with integrated offerings to stop modern breaches and raise adversaries’ cost of doing business.

Watch Now

Next steps for security professionals

Being at the forefront of the fight against disinformation involves a combination of strategic actions and continuous learning:

  • Leverage threat intelligence to stay informed about the latest disinformation tactics, especially as disinformation campaigns are continually evolving.
  • Implement regular audits, threat monitoring, and system updates to guard against disinformation-based attacks.
  • Develop systems with information integrity in mind, ensuring they are designed to resist manipulation and false information.
  • Educate users by creating awareness programs about the risks and signs of disinformation.

Disinformation campaigns are adversarial tactics that have been used for centuries, but they have taken on a new significance in our modern, globally interconnected world. Education and awareness — coupled with robust cybersecurity tools — are critical to fighting the battle against disinformation.

For this reason, enterprises are leaning on the CrowdStrike Falcon® platform for its sophisticated, AI-native threat intelligence. Whether it’s proactive threat hunting from CrowdStrike Falcon® Counter Adversary Operations or disrupting threats originating from the dark web, enterprises are taking a multifaceted approach to protecting their assets and their businesses from disinformation. The CrowdStrike Counter Adversary Operations team also publishes hundreds of in-depth intelligence reports via CrowdStrike Falcon® Adversary Hunter about ongoing disinformation campaigns used by hacktivists or politically inspired threat actors around the globe.


Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.