Lying Pigeon

Also known aslying_pigeon

Lying Pigeon is a Russian-speaking threat group assessed by Check Point Research (CPR) to conduct influence operations targeting Moldova’s election cycle. CPR reported the group ran “Operation MiddleFloor” ahead of Moldova’s October 2024 presidential elections and EU referendum, using spoofed emails and forged documents to spread anti-European narratives. CPR further reported a new wave of activity since mid-April 2025 aimed at Moldova’s September parliamentary elections, including a late-May 2025 defamation campaign leveraging over a dozen domains to promote an anti-PAS (Party of Action and Solidarity) poster contest targeting Moldova’s ruling PAS and President Maia Sandu.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they target

Geographies tied to known operations.

🇲🇩 Moldova

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics2 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1566

Phishing

T1566.002

Spearphishing Link

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

checkpoint research blogNews

Feb 23, 2026

2025: The Untold Stories of Check Point Research - Check Point Research

Influence/disinformation operations targeting Moldovan elections using spoofed emails, forged documents, and coordinated domain infrastructure to spread anti-EU narratives and defamation content.

checkpoint research blogNews

Feb 23, 2026

2025: The Untold Stories of Check Point Research - Check Point Research

Russian-speaking influence/disinformation operator targeting Moldovan elections and other European political events using spoofed emails, forged documents, and coordinated domain infrastructure for propaganda/defamation.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.