Digital forensics – Qurium Media Foundation

Our digital forensics investigations focus on Internet censorship, targeted malware, disinformation campaigns, election fraud, digital attacks against media sites, and other digital threats against a free and open Internet.

We collaborate with independent media and investigative journalists to validate and enrich their stories with digital forensics. Qurium also assists with media dissemination so that the stories reaches a wider public beyond local media. Several of our media partners have been awarded for their work in investigative journalism:

Kloop Media, Kyrgyzstan, Global Investigative Journalism Network (Best Investigative Stories from the Former Soviet Union — 2017)
Azadliq.info, Azerbaijan, Guardian Journalism Award winner (2014)
Premium Times Nigeria, Nigeria, Pulitzer Prize, as a part of the Panama Papers Investigation (2017)

This page includes all forensic reports that have been released to the public. For full reports including media coverage, please see respective country page.

Nigeria

Philippines

December 1, 2025
Statement on the November 18, 2025 Court Decision in Quezon City
March 4, 2024
Deep fake of Maria Ressa connected to Russian cyberscam network
November 15, 2023
Hundreds of sites cloned to promote a Chinese gambling network
September 7, 2022
Tracking toxic backlinks against Rappler
June 20, 2022
Independent Philippine media “Bulatlat” blocked by Smart Broadband
May 1, 2022
The tip of the iceberg – the algorithm fraud industry
August 25, 2021
Israeli firm ‘Bright Data’ (Luminati Networks) enabled the attacks against Karapatan
August 18, 2021
Human rights alliance ‘Karapatan’ under long lasting DDoS attack
June 22, 2021
Attacks against media in the Philippines continue
April 29, 2020
DDoS attacks against Philippine websites during COVID-19
April 25, 2019
What is hosted at the Suniway network?
March 29, 2019
Attributing the attacks against media and human rights websites in the Philippines
January 27, 2019
Alternative news agency from Philippines “Bulatlat” under denial of service attack

Romania

July 11, 2022
The kompromat DeLorean

Russia

November 17, 2025
Proxy.vn’s hidden Tin-Roof datacenter fueling fake accounts and DDoS attack on iStories.media
June 30, 2025
Proxy provider connected to state sanctioned research center linked to attack against investigative media
April 23, 2025
Yet another proxy provider behind the iStories DoS attacks
July 11, 2024
How Russia uses EU companies for propaganda
April 23, 2024
Russian exiled media Meduza.io facing repeated DDoS attacks
February 2, 2024
Russian disinformation against Zelenskyy exposed on Times Square billboard
September 27, 2022
Under the hood of a Doppelgänger

Somalia

September 7, 2023
Infrastructure of VPN providers is used to launch DDoS attacks
September 7, 2023
Rayobyte infrastructure enabling DDoS attacks

South Sudan

August 17, 2020
“Sudans Post” gets blocked after receiving personal threats from NSS – transcript revealed

Spain

October 1, 2018
One year after the denial of service against registremeses.com
October 4, 2017
Blocking Techniques Catalunya

Sri Lanka

August 26, 2020
Colombo Telegraph blocked by Dialog Axiata

Switzerland

September 8, 2021
Gotham City under Denial of Service

Togo

May 5, 2021
Togoweb.net blocked by Deep Packet Inspection
April 5, 2020
Togolese investigative media “The Confidential Report” blocked by authorities

Turkmenistan

September 23, 2019
Turkmenistan blocks Google’s Cloud Storage
July 1, 2019
Turkmenistan and their “Golden DPI”

Uganda

February 7, 2024
Adsterra used to promote malicious content using hacked Facebook pages
January 14, 2021
Uganda blocks Kenyan news ahead of the presidential elections

Uzbekistan

February 14, 2020
Procera-Sandvine blocks eltuz.com in Uzbekistan

Venezuela

June 11, 2025
Denial-of-Service Attacks on Investigative Media Traced to yet another Proxy Provider

Vietnam

July 10, 2018
DDOS against luatkhoa.org and thevietnamese.org
June 12, 2018
DNS tampering in Vietnam

Zimbabwe

September 3, 2018
The Zimbabwe Election Commission (ZEC) Website. What went wrong?
August 9, 2018
The cyberattack against the Zimbabwe Electoral Commission

Forensic Series

Weaponizing Proxy and VPN Providers

November 17, 2025
Proxy.vn’s hidden Tin-Roof datacenter fueling fake accounts and DDoS attack on iStories.media
December 5, 2023
Proxy providers weaponized to launch denial of service attack against Rappler
November 2, 2023
DDoS attacks against Hungarian media traced to proxy infrastructure “White Proxies”
September 19, 2023
Volatile networks as a source of Denial of Service
September 7, 2023
Infrastructure of VPN providers is used to launch DDoS attacks
September 7, 2023
Rayobyte infrastructure enabling DDoS attacks

Dark Ops Undercovered

February 17, 2023
Episode VIII: Eliminalia re-appears to sink unwanted content
December 21, 2022
Looking Inside A Website Traffic Con
November 26, 2021
Eliminalia behind yet another technique to silence investigative media
November 23, 2021
Dark Ops Undercovered: Episode V- The mysterious lawyers of Alexander Mashkevich
June 2, 2021
Dark Ops Undercovered: Episode IV – Reputation Control and content take down
April 26, 2021
Dark Ops Undercovered: Episode III – Hello Mr. Andersan
April 20, 2021
Dark Ops Undercovered: Episode II – Eliminalia
April 12, 2021
Dark Ops Undercovered: Episode I – Eliminalia

Doppelganger

October 27, 2025
Catfish Incorporated: How the Dating Scam Industry Works
April 11, 2025
Disinformation, Malware and Drugs: Aeza’s cyber crime portfolio
November 13, 2024
When Kehr meets VexTrio
July 11, 2024
How Russia uses EU companies for propaganda
September 27, 2022
Under the hood of a Doppelgänger

Scam Empire

April 28, 2025
VoIP Providers serving the Scam Empire
April 21, 2025
Inside the Black Advertisement Agencies Operating in Meta
March 10, 2025
“Big Bash” for the Big Cash
March 7, 2025
THE MILKING
March 5, 2025
THE HUNT – From potential victim to “depositor” in 20 min

Cookie	Duration	Description
adsight	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
adsight1	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
adsight2	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
adsight3	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
adsight4	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
adsight5	60 days	This cookie is used for efficient content delivery and DDoS mitigation.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checbox-functional	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.