
Behind the Curtain: Leaked DSA Files, Russian Influence Operations, and Defensive Cyfluence

  • Writer: CRC
Russian flag blinds revealing a camera eye and the title Behind the Curtain: Leaked DSA Files.


Background

A recent OCCRP investigation revealed leaked documents related to the Social Design Agency (SDA), a Russian firm and long-time contractor for hostile influence campaigns (HICs) that executes “cognitive strikes” against Western countries. The investigation focused in part on a September 2025 Islamophobic incident in which several mosques and cultural centers in and around Paris reported pig heads marked with the word “Macron” left outside their entrances. These attacks appeared to extend beyond the physical act itself. Following online amplification, they drew extensive media attention and fed existing societal tensions and political polarization.


The newly leaked documents demonstrate how hybrid threats, such as multi-dimensional influence efforts, increasingly integrate physical and digital aspects into a single operational structure. Rather than functioning only through online platforms, hostile influence campaigns (HICs) instigate and exploit real-world events to continuously destabilize adversaries.



Revisiting The Russian Cognitive Warfare Playbook


The reported operations align closely with established patterns of Russian hostile influence activity. One of the most prominent remains the SDA-linked Doppelgänger campaign, which coordinated information operations with the orchestration of antisemitic incidents in Paris to amplify social polarization.


The uncovered modus operandi reflects the persistent rationale behind Russian HICs: the exploitation of existing societal fault lines surrounding immigration, nationalism, religion, identity politics and institutional distrust. Instead of creating an entirely new narrative, Russian foreign information manipulation and interference (FIMI) operations are designed to intensify pre-existing tensions within targeted democratic and Western societies.


Importantly, the convergence between cognitive and physical effects is increasingly visible within urban environments. Hostile FIMI activities, including the instigation and exploitation of racial, religious or politically charged incidents, mostly occur within urban environments. They are aimed against high-value managed contested spaces (MCSs), such as major cities, demonstrating how local communities and municipal authorities are in fact the front lines of hybrid geopolitical conflict, a dynamic that is central to the CRC’s Urban Cyfluence Framework initiative.


The leaked material also provides a valuable behind-the-scenes view, in the form of internal SDA chats. These shed new light on the organizational structure behind the firm’s operations, particularly through the role of Sofia Zakharova, a senior Russian official who appeared under the name “Kristin Kiler”. The exposed conversations suggest that Zakharova operated as a coordinating figure between the SDA and senior administration officials, overseeing operational updates, funding discussions, and broader project management across multiple campaigns. Zakharova was previously sanctioned by several Western countries due to her involvement in previous Russian influence operations.


EU sanctions page for Sofia Avraamovna Zakharova, Russian Federation; lists designation date, regime RUSDA, travel ban.

Figure 1 - EU sanctions designation of Sofia Avraamovna Zakharova, issued in December 2024, citing her continued involvement in hostile Russian information manipulation and interference activities, including the Doppelgänger campaign. 1, 2



The internal documents further suggest that these activities were not isolated operations, but part of wider and ongoing destabilization efforts. Plans for 2026 included projects focused on monitoring Western opinion leaders, creating media platforms, and expanding AI-assisted informational capabilities across several European information environments.

The leaked documents thus highlight the emphasis on operational continuity, connecting past, present and to-be-executed narrative attacks. While the methods continue to adapt across different platforms and environments, the long-term strategic objective remains consistent.



Multi-Dimensional Operations


One of the most important aspects of the reported activities was the operational fusion between the physical, digital and cognitive layers. The pig-head attacks were not just physical provocations, but were meant to drive online discourse, attract media attention, and trigger political reactions.


This operational hybridity – recently defined by the Cyfluence Security Paradigm – reflects an increasingly common model for influence operations:


  • A provocative physical act generates emotional reactions.

  • Visual content from the incident is circulated across online platforms.

  • Media coverage and coordinated inauthentic activity amplify and reframe narratives.

  • Polarized public and political discourse affects societal cohesion.


The HICs described in the leaked documents demonstrate how hostile influence efforts increasingly function as multi-dimensional threats. These threats are not limited to fictitious narratives or synthetic propaganda proliferated online. Instead, physical acts of provocation and online amplification are used as core components that elevate the sophistication of modern hybrid threats.



Implications for Cognitive Security and Defensive Cyfluence


Although this operational structure complicates influence defense efforts, the exposure of ongoing Russian FIMI activities targeting Western communities and MCSs through the opportunistic exploitation and orchestration of hate crimes demonstrates the value of proactive defensive cyfluence operations.


Much like the exposure of Russian proxy interference efforts surrounding the Moldovan elections – where a timely hack-and-leak operation revealed the operational architecture of Ilan Shor’s FIMI apparatus – this case, alongside previous SDA leaks (which were likely cyber-enabled rather than HUMINT-derived), underscores the strategic importance of publicly exposing adversarial methods, infrastructure, and objectives. Regardless of the information’s source, these crucial disclosures help in neutralizing future narrative attacks, while supporting the cognitive resilience of targeted communities against hybrid threats.



[References:]







 



