During the 22nd to the 28th of September 2025, we observed, collected, and analyzed endpoints of information related to these campaigns. The following report is a summary of what we regard as the main events from this period.

The Czech parliamentary elections on 3–4 October 2025 face heavy digital interference. Russia and increasingly China exploit Telegram networks, disinformation portals, and fake TikTok accounts to spread distrust, voter apathy, and anti-Western narratives. According to CERA, the main risks are erosion of democratic trust, voter demobilization, and the strengthening of populist and pro-Russian forces.

In this CRC spotlight we use a case study of online poll manipulation to explore a new perspective on counter Foreign Influence and Manipulation (FIMI) tactics. - how interactive online content, such as polls on controversial topics, can provide defenders and researchers alike with an intelligence windfall. And that by baiting threat actors into action, knowledge of their Tactics, Techniques, and Procedures (TTPs) can be leveraged as part of a defensive strategy.  

The FDEI Country Report highlights how influence in Moldova is being shaped by coordinated campaigns targeting the 2025 elections. Russian-linked networks deploy cloned news sites, Telegram bots, and AI-generated content to spread disinformation and manipulate public perception. These campaigns aim to erode trust in institutions, polarize the electorate, and undermine cooperation with the EU and neighboring states.

Cyber-based hostile influence campaigns are aimed at influencing target audiences by promoting information and/or disinformation over the internet, sometimes combined with cyber-attacks which enhance their effect. During the last week we observed, collected and analyzed endpoints of information related to cyber-based hostile influence campaigns (including Cyfluence attacks). The following report is a summary of what we regard as the main events.

This blog examines how Stark Industries Solutions acted as a Threat Activity Enabler (TAE) in hostile cyber and influence operations. It explores the company’s role in providing resilient infrastructure for disinformation and attacks, its sanctioning by the EU in May 2025, subsequent rebranding moves, and why infrastructure-focused analysis is essential to track continuity behind shifting names and entities.