REST, a newly launched online outlet targeting Moldovan audiences ahead of the country’s parliamentary elections is linked to Rybar, a pro-Russian “military blogger” and propaganda operation originally created on Telegram that now boasts over one million followers. One of Rybar’s operators is sanctioned by the European Union, and in 2024, the US State Department offered a $10 million reward for information on individuals linked to the Rybar project. The emergence of Rybar-affiliated REST in late June demonstrates how pro-Kremlin actors regenerate and multiply assets to evade sanctions or public exposure. This case illustrates an attempt to erode trust in Moldova’s pro-EU leadership and shape the country’s information space ahead of its September 28 parliamentary election.

The attribution of REST to Rybar relies on multiple lines of evidence. Technical analysis traced REST’s hosting infrastructure to the VK Cloud ecosystem, where it shares space with Rybar’s mapping platform. Both sites (restmedia.io and rybar.ru) display identical server configurations, including customized file transfer protocol (FTP) settings and the use of the same, less popular control panel software. Forensic review of image metadata provided even more substantial evidence: file paths explicitly reference “Rybar” alongside REST assets, as well as Cyrillic-Latin homoglyphs embedded in navigation slugs. These operational security lapses appear to indicate that at least some REST content follows the same production workflow as Rybar.