Thank you for visiting our special presentation about the Doppelganger Campaign

Case 2:24-mj-01395 Document 4 Filed 09/04/24 Filed Under Seal

IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF PENNSYLVANIA
UNITED STATES OF AMERICA
v.
CERTAIN DOMAINS
AFFIDAVIT IN SUPPORT OF SEIZURE WARRANT

I, (REDACTED) being duly sworn, hereby declare as follows:

INTRODUCTION

  1. I make this affidavit in support of a warrant for the seizure of 32 internet domains (the “SUBJECT DOMAINS”) that have been used by the Russian government and Russian government-sponsored actors to engage in foreign malign influence campaigns colloquially referred to as “Doppelganger,” in violation of U.S. money laundering and criminal trademark laws. As set forth below, since at least 2022, under the direction and control of the Russian Presidential Administration, and in particular Sergei Vladilenovich Kiriyenko (“KIRIYENKO”), the Russian companies Social Design Agency (“SDA”), Structura National Technology (“STRUCTURA”), and ANO Dialog have used, among others, the SUBJECT DOMAINS, which include “cybersquatted” domains[i] impersonating legitimate news entities and unique media brands created by Doppelganger, to covertly spread Russian government propaganda. As reflected in SDA’s notes from strategy meetings with KIRIYENKO and other Presidential Administration officials, SDA project proposals, and other SDA records obtained during the course of the investigation, some of which are attached as exhibits hereto, these actors designed the content of such propaganda to, inter alia, reduce international support for Ukraine, bolster pro-Russian policies and interests, and influence voters in the U.S. and foreign elections without identifying, and in fact purposefully obfuscating, the Russian government or its agents as the source of the content. Among the methods Doppelganger used to drive viewership to the cybersquatted and unique media domains were the deployment of “influencers” worldwide, paid social media advertisements (in some cases created using artificial intelligence tools), and the creation of fake social media profiles posing as U.S. (or other non-Russian) citizens to post comments on social media platforms with links to the cybersquatted domains, all of which attempted to trick viewers into believing they were being directed to a legitimate news media outlet’s website.
  2. I am a Special Agent with the Federal Bureau of Investigation (“FBI”). I became a Special Agent in January 2017 when I was assigned to the Philadelphia Division’s Counterintelligence Squad. As part of the Counterintelligence Squad, my duties include, among other things, the investigation of foreign malign influence, espionage, and foreign intelligence activities against the United States. I have successfully completed the Counterintelligence Operations Course offered by the FBI Counterintelligence Training Center, where I was exposed to a variety of counterintelligence techniques, cases, and exercises. I have participated in the execution of numerous search warrants involving electronic evidence, among other investigative techniques.
  3. As a federal agent, I am authorized to investigate violations of the laws of the United States and to execute warrants issued under authority of the United States. I have attended multiple training courses related to managing counterintelligence and espionage investigations. I have also been involved in various types of electronic and physical surveillance, the execution of search warrants, and interviews of crime victims, witnesses, and subjects. Where I assert that an event took place on a particular date or at a particular time, I am asserting that it took place on or about the date or at or near the time asserted. Similarly, where I assert that an event took place a certain number of times, I am asserting that the event took place approximately the number of times asserted. Likewise, when I assert that a transaction involved a certain amount of money, I am asserting that the transaction involved approximately that amount of money.
  4. The facts in this affidavit come from my personal observations, my training and experience, records seized pursuant to search warrants or obtained through legal process, and information learned from other agents and witnesses. This affidavit is intended to show merely that there is sufficient probable cause for the requested warrant and does not set forth all of my knowledge about this matter.
  5. As set forth below, there is probable cause to believe that the SUBJECT DOMAINS,[ii] see Attachments A-1 through A-9, are property involved in a transaction or attempted transaction in violation of 18 U.S.C. § 1956(a)(2)(A) (international promotional money laundering) and 1956(h) (conspiracy to commit same) and/or property used, or intended to be used, in any manner or part to facilitate violations of § 2320(a)(1) (trafficking in counterfeit goods or services) (collectively, the “SUBJECT OFFENSES”). In particular, the investigation has revealed that the SUBJECT DOMAINS have been purchased from U.S. registries or registrars by individuals abroad who are working under the direction and control of the Russian government, and in particular KIRIYENKO, including Ilya Gambashidze (“GAMBASHIDZE”), SDA, Nikolai Tupikin (“TUPIKIN”), and STRUCTURA, which have been sanctioned by the U.S. government and designated as SDNs, along with ANO Dialog, TABAK, and others, to advance their interests and the interests of the Russian government, thereby causing U.S. persons to unwittingly provide goods and services to and for the benefit of one or more of the aforementioned SDNs, in violation of the International Emergency Economic Powers Act (“IEEPA”). As noted above, the foreign malign influence effort described herein and carried out by SDA, STRUCTURA, and ANO Dialog is colloquially referred to as “Doppelganger.”
  6. Because the SUBJECT DOMAINS represent property involved in a scheme to violate U.S. money laundering laws, they are subject to seizure, and therefore subject to forfeiture pursuant to 18 U.S.C. §§ 981(a)(1)(A) and 982(a)(1).
  7. In addition, as a secondary basis for seizure and forfeiture, a subset of the SUBJECT DOMAINS represent property used, or intended to be used, to commit or facilitate the commission of Trafficking in Counterfeit Goods or Services (e.g., trademark infringement), in violation of 18 U.S.C. § 2320, and therefore are subject to forfeiture pursuant to 18 U.S.C. § 2323(a)(1)(B) and (b)(1).
  8. The procedure by which the government will seize the SUBJECT DOMAINS is described in Attachments A-1 through A-9 hereto and below.

[i] Based on my training and experience, I know that cybersquatting is a method of registering a domain intended to mimic another person or company’s domain. Cybersquatting is used to trick Internet users into believing they are visiting the legitimate person or company’s website.

[ii] References to the individual SUBJECT DOMAINS in this affidavit will be denoted by bolded text.