“If your work correctly reflects Russian illegal acts, your reward amount will be increased as a sign of our gratitude.” Here, translated from English, is the most eloquent part of the strange email received on Thursday by the editorial staff of several French media outlets, including 20 minutes. The email also refers to the website Visitukraine.today, which looks completely official and carries the logos of several Ukrainian ministries. An attempt to bribe journalists? A malicious act by Russian hackers? In either case, the approach is rather worrying.
Last Thursday, about thirty French and Belgian journalists received a strange email whose subject was “invitation” and whose sender was “firstname.lastname@example.org”. Written in English, the text of the email began as follows: “We are Visitukraine.today and we offer you to take part in a guided tour through the liberated cities in the Kyiv and Chernihiv regions.” The sender then assured interested journalists that they could interview residents affected by the “Russian aggressor” and that they could thus “document the destruction caused by the army” of Vladimir Putin.
A “generous reward”
So far, nothing particularly strange. The worst comes next: in exchange for articles reflecting “Russian illegal acts”, the sender promises a “generous reward.” And if the articles are written “in the right way”, “the amount of [the] reward will be increased as a sign of gratitude.” An astonishing approach, especially since the site to which the email refers, Visitukraine.today, is an official platform. It is an information portal for tourists wishing to travel to Ukraine, listing all the useful information they need, as our Ukrainian colleagues from Odessa Diary point out.
This web portal, which went online in 2018 to promote tourism in Ukraine, was launched with the support of several local official institutions, including the National Agency for Tourism Development and the Ministry of Foreign Affairs. Visitukraine.today took on another dimension after the outbreak of the war, notably by offering paid escorts for foreign journalists, diplomats or official delegations wishing to visit cities liberated from Russian occupation. Foreign governments, such as the Netherlands, and Ukrainian embassies in China and the United States also refer to this site.
Cyberattack or disinformation campaign?
It therefore seems unlikely that Visitukraine.today is behind this dubious proposition. When contacted, the site's administrators told 20 minutes that the e-mail address used did not come from them. To get to the bottom of it, 20 minutes asked for help from Sandoz, a computer whiz who is widely followed on social networks for his videos in which he gives scammers a hard time: “One thing is certain, the two domains ‘visitukraine.network’ and ‘visitukraine.today’ are not on the same server/location at all. The e-mail domain is simply non-existent,” he says.
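The domain mismatch Sandoz points out can be checked mechanically. The following Python sketch is an added example, not part of the original article: it compares the sender's domain with the domains named in the message body and flags a body domain that shares the sender's name but not its top-level domain. The message is constructed, and the sender address on visitukraine.network is an assumption (the page shows only a placeholder address); no DNS lookup is performed, so it does not test whether the domain exists.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. The sender address is an assumption: the page
# shows only a placeholder, so the second domain quoted by Sandoz is used.
SAMPLE = """\
From: Guided Tours <press@visitukraine.network>
To: newsroom@example.org
Subject: invitation

We are Visitukraine.today and we offer you to take part in a guided tour.
Details: https://visitukraine.today/
"""

# Host names made of dot-separated labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def split_domain(host):
    """Return (name, tld) from the last two labels.

    Naive on purpose: no public suffix list, so 'example.co.uk' yields ('co', 'uk').
    """
    labels = host.lower().rstrip(".").split(".")
    return labels[-2], labels[-1]


def check_sender(raw):
    """Compare the From: domain with every domain mentioned in the body."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    sender = split_domain(sender_host)
    findings = []
    for host in sorted({h.lower() for h in DOMAIN_RE.findall(msg.get_payload())}):
        name, tld = split_domain(host)
        if (name, tld) == sender:
            verdict = "match"        # mail comes from the domain it talks about
        elif name == sender[0]:
            verdict = "lookalike"    # same name, different TLD
        else:
            verdict = "unrelated"
        findings.append((host, verdict))
    return sender_host, findings


if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A "lookalike" verdict is a triage signal only; confirming it still takes the registration and hosting comparison described in the quote.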
Two options are therefore possible. “Some cyberattacks start with this kind of email. Once the conversation is started, we will click on links, even download stuff, and find ourselves at best hacked and at worst with ransomware,” explains Sandoz. Except that we never received a response from the sender of the email in question. The other option may well be even more worrying, and would be akin to a political act.
What image would public opinion have of Ukraine if it turned out that its institutions were offering to pay foreign journalists in exchange for complacent articles? This is a kind of information war of which 20 minutes and other international press titles have already paid the price. Indeed, in mid-2022, an almost perfect copy of the 20 minutes website was put online by a Russian disinformation network to spread pro-Russian and anti-Ukrainian propaganda.