Treadstone 71 has every page of every document posted by two Russian hackers over the past several days and provided to:


We examined the documents closely and read the comments in the RU channel where they were posted. The documents are quite convincing. They lay out influence operations, steps for disinformation to cause low RU troop morale, pslost information on the officers involved, and call out the FSB as targets for the plan.

In fact, a second hacker, known for his nasty verbal and sophomoric attacks against Ukrainians (very RU sarcastic attempts), sent his copies of additional documents on the same topics. Both hackers had documents that were not original soft copies but photographs of PowerPoint briefings with folded pages and cockeyed images.

Why is there doubt?

First of all, it is odd that two different hackers have artifacts from the same treasure trove, each not knowing of the other’s acquisition, mostly since the photos had to come from someone with direct access to the content. Why no original soft copies? Top Secret environments don’t allow this.

But there are no classification markings on the documents. So phones were allowed in the briefing, but no electronic recording devices other than phones?

Something this sensitive, and made out to be directly from Ukrainian Psychological Operations, Special Operations, would have been classified, especially since each step of the influence operation and disinformation campaigns is detailed with timelines.

The other odd item is in the photos. The same desk appears to be underneath the paper in all such photos, much like the desk in the pictures below:

The Leader of Donetsk People’s Republic and the Leader of Luhansk People’s Republic formally issued a request for military assistance in repelling the ‘AGGRESSION’ by Ukrainian Armed Forces!

This all seems too perfect, very believable, yet it just does not make sense. Not that Ukraine would not execute the same tactics against the Russians that the Russians execute against all such regimes, but that in itself is a standard Russian projection. It is also too perfectly available at this time, when the briefings were from September. Who takes pictures in September and only releases them six months later to two hackers?

The last item that calls credibility into question is the set of comments in the channel on the posts. Several comments focused on the poor grammar and speech associated with the briefings. One such comment:

In some places it looks like a Google translation, which is quite natural, because most of our “patriots” are Russian-speaking.


Here half of the country writes in Russian with errors, and the pan-headed “denunciator” decided about the mistakes in this “language mixture” called MOV, hysteria..


You could at least turn off geolocation when you walk around Kiev, smart guy. Can you publish? Although who needs you

Which of the Ukrainian languages “they” taught? Literary (on the basis of the Poltava dialect of the Russian language) “everyone” taught for years until the 94th, and only the editors of the state press knew and really spoke / wrote in it. ALL other Ukrainians speak Surzhik. And since 2004 – on numerous surzhiks (half of which are Galician govirki)

1. And? Since it is illegitimate, let’s pretend that it doesn’t exist – and that means there are no problems
2. The dispute was about the language. Language can be, and in an illegitimate state, and not even in a state (there is no state of Tatarstan, but there is a language)

The photographer had time to flip through each page of each briefing document and had to have access to such a document. By the looks of the desks under the documents from all three providers (2 hackers and the Head of Donetsk), they shop at the same furniture store.

Later we will post examples. You can decide. But at this point, our credibility / reliability rating is at best a D3.

If we are correct in our analysis, this is a fairly nicely done piece of cognitive warfare to place even more impetus on offensive operations from Ukraine, albeit of the cyber and HUMINT variety. Still, too convenient, too timely, and a bit sloppy.

Remember, coincidences take a lot of planning.


By Treadstone 71
