top of page
CRC logo (2).png

Cyber-based hostile influence campaigns 2nd February - 8th February 2026

  • Writer: CRC
    CRC
  • 29 minutes ago
  • 13 min read
Cover Image- Text: Weekly Media Update: Information Operations


[Introduction]


Cyber-based hostile influence campaigns are aimed at influencing target audiences by promoting information and/or disinformation over the internet, sometimes combined with cyber-attacks, which enhance their effect.  


During the last week, we observed, collected, and analyzed endpoints of information related to cyber-based hostile influence campaigns (including Cyfluence attacks). This week's report is a summary of what we regard as the main events.



[Contents]



[State Actors]


Russia 


[General Reports]




[ Report Highlights]




[State Actors]


Russia

Pro-Kremlin Network Promoted Alberta Separatism to U.S. Audiences

As reported by DisinfoWatch, a pro-Kremlin outlet in the Pravda News Network amplified claims that Alberta was moving toward independence and that its secession would deliver "two red senators and electoral votes" to the United States. Identified by France’s Viginum agency as part of the Russian “Portal Kombat” disinformation ecosystem, the network repackaged real but limited developments, including meetings between Alberta separatist figures and U.S. officials, into a misleading narrative. While such meetings did occur, U.S. officials have denied offering any support or commitments.


Alberta is a Canadian province, not a U.S. state, and there is no legal or political pathway for it to gain U.S. senators or electoral votes. Alberta is also not institutionally “moving toward independence.” Public support remains a minority position, and current activity is limited to the early stages of a referendum petition process. Even a hypothetical referendum would not result in immediate independence, as Canadian law requires a clear majority, a clear question, and negotiations.


Source: DisinfoWatch. Moscow to MAGA: Pro-Kremlin Pravda Network Amplifying Alberta Separatism. [online] Published 2 February 2026. Available at: https://disinfowatch.org/disinfo/moscow-to-maga-pro-kremlin-pravda-network-amplifying-alberta-separatism/


Italy Accused Russia-Linked Hackers of Cyberattacks Ahead of 2026 Winter Olympics

An article by The Record reports that Foreign Minister Antonio Tajani said Italy has blocked a wave of cyberattacks of “Russian origin” targeting its diplomatic missions abroad and infrastructure linked to the 2026 Winter Olympics. The attempted attacks originated in Washington and extended to consulates in Sydney, Toronto, and Paris, as well as to hotels associated with the Games in Milan and the Alpine resort of Cortina d’Ampezzo. Around 120 targets were hit in total, but authorities reported no significant disruption.


The pro-Russian hacker group NoName057(16) claimed responsibility, describing the campaign as retaliation for Italy’s support for Ukraine. Active since Russia’s full-scale invasion of Ukraine in 2022, the group has repeatedly targeted European countries backing Kyiv using relatively simple but disruptive distributed DoS attacks. Italian officials noted that Russia has been barred from competing as a nation in the 2026 Winter Olympics, a context that echoes previous incidents in which Russia-linked hackers targeted countries hosting major sporting events. Russian state officials have not publicly commented on the allegations.


Source: The Record, D. Antoniuk. Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics. [online] Published 5 February 2026. Available at: https://therecord.media/italy-blames-russia-linked-hackers-winter-games-cyberattack


Russia intensified disinformation as the EU tightened scrutiny of its shadow fleet

EUvsDisinfo reports that Russia has intensified disinformation efforts as the EU tightened scrutiny of its so-called “shadow fleet”, hundreds of ageing oil tankers that operate under false flags to evade sanctions on Russian oil exports. These vessels, often with obscured ownership and inadequate insurance, transport oil and other goods to countries such as China and India, and are also suspected of carrying stolen Ukrainian property or military cargo. EU member states expanded sanctions, now covering nearly 600 vessels, and debated an even tougher 20th sanctions package.


Recent interceptions of suspected sanctions-busting tankers in the North Sea and Mediterranean, including a January seizure by the French navy, have triggered a wave of false Kremlin-backed narratives. Pro-Kremlin outlets have portrayed lawful inspections and seizures as “piracy” or a covert naval blockade, falsely claiming Europe is provoking open confrontation. In parallel, deterrence messaging has become increasingly explicit, hinting at retaliation against Western shipping or undersea infrastructure and warning of instability in the Baltic Sea—claims that have no basis in reality, as neither the EU nor NATO is preparing a blockade or military escalation.


Source: EUvsDisinfo. Sailing under false flag: Moscow’s ‘shadow fleet’ meets Europe’s resolve. [online] Published 6 February 2026. Available at: https://euvsdisinfo.eu/sailing-under-false-flag-moscows-shadow-fleet-meets-europes-resolve/

[General Reports]


France Caught Between Russian and U.S.-Linked Disinformation Campaigns

France has increasingly become a target of overlapping disinformation efforts from pro-Russian networks and Trump-aligned American accounts, as detailed by Le Monde, creating a complex and unprecedented challenge. Since early 2026, Russian-linked actors have continued to circulate fabricated stories aimed at discrediting Ukraine and France, including a false claim that French and Ukrainian officials embezzled billions of euros intended for Rafale fighter jets. Investigations by French and international fact-checkers confirmed the story was entirely fabricated and likely originated from “Storm-1516”, a Russian propaganda group active in France since 2025. At the same time, French authorities have had to counter misleading narratives spreading from U.S. sources, including false claims about President Emmanuel Macron’s role in drug pricing and France’s military record in Afghanistan.


This dual threat poses a new challenge for France, as Russia and the United States rely on radically different methods. Russian disinformation operates as a long-term, organised background campaign, often using fake news sites and AI-generated content to subtly influence public opinion. By contrast, Trump-aligned messaging relies on high-visibility, immediate amplification through personal social media accounts, normalising distortions of fact through repetition and provocation. Adding to the challenge is a convergence between pro-Russian and MAGA-aligned narratives, which share anti-elite, anti-EU, anti-Macron, and anti-Ukraine themes and often relay each other’s claims. French authorities have responded by more actively debunking falsehoods on social media, including through the Foreign Ministry’s French Response account and direct interventions from the Élysée.


Source: Le Monde, W. Audureau. France faces a crossfire of Russian and American disinformation. [online] Published 2 February 2026. Available at: https://www.lemonde.fr/en/les-decodeurs/article/2026/02/02/france-faces-a-crossfire-of-russian-and-american-disinformation_6750034_8.html


Nearly Half of Americans Believed Top False Claims in 2025

NewsGuard’s Reality Gap Index found that, from June to December 2025, an average of 46 percent of Americans believed at least one major false claim circulating in the news. In the first six months of tracking, belief levels averaged 50 percent before dipping slightly in December. Fluctuations largely reflected the virality and sensationalism of particular hoaxes, with peaks in midsummer driven by widely shared false claims, such as reports that President Donald Trump had declared martial law in Washington, D.C., or that a Florida detention center was surrounded by an alligator-filled moat. The index, based on monthly YouGov surveys, measured the share of Americans who believed at least one of the top three false claims identified each month by NewsGuard.


The surveys also revealed widespread confusion around AI-generated and manipulated media. Large shares of respondents either believed in or were unsure about the authenticity of fake images, videos, and audio, including AI-generated visuals falsely linking Trump to Jeffrey Epstein and fabricated audio clips purporting to capture him berating Cabinet members. Differences by age and political affiliation were present but modest. Younger adults were more likely to express uncertainty, while older respondents showed greater confidence but were not consistently better at identifying false claims. Across all age groups, only about 8–9 percent correctly identified all false claims in a given month. Politically, Republicans were slightly more likely than Democrats and Independents to believe at least one false claim, but the overall difficulty in consistently spotting misinformation cut across party lines.


Source: NewsGuard Reality Check, S. Tanner. Nearly Half of Americans in 2025 Believed False Claims Across Seven Months of Surveys. [online] Published 2 February 2026. Available at: https://www.newsguardrealitycheck.com/p/nearly-half-of-americans-believed


Social Media Users Circulated Fake Images Linking Politicians to Epstein Files

Following the U.S. Department of Justice’s release of millions of documents related to Jeffrey Epstein in January 2026, NewsGuard’s Reality Check reported that social media users began circulating AI-generated and digitally manipulated images falsely linking prominent politicians to the convicted sex offender. NewsGuard identified at least seven such images, which together amassed more than 21 million views on X. The images targeted figures across the political spectrum, including New York City Mayor Zohran Mamdani, former South Carolina governor Nikki Haley, and Venezuelan opposition leader Maria Corina Machado, with users claiming the materials were part of the newly released Epstein files.


In one widely shared case, fabricated images purported to show Epstein posing with Mamdani as a child and with his mother, filmmaker Mira Nair. Although DOJ files confirm Nair once attended an event hosted by Epstein associate Ghislaine Maxwell, NewsGuard found the images themselves were AI-generated, bearing digital watermarks from Google’s image-generation tools. Other posts falsely claimed Haley had emailed Epstein to arrange flights with her children, but no such message exists in the DOJ database, and the alleged screenshot contained clear inconsistencies. Similarly, an image linking Machado to Epstein was shown to be a manipulated version of an authentic photo that did not include her.


As described in a related article, a “red-teaming” audit by NewsGuard of three leading AI image generators found that X’s Grok Imagine consistently produced false images depicting prominent politicians hanging out with convicted sex offender Jeffrey Epstein. Google Gemini’s Nano Banana Pro produced convincing visuals as well, but only after some prodding, while OpenAI’s ChatGPT flatly declined all prompts seeking to place Epstein with public figures.


Sources:


Pro-IS Propaganda Circulated Online Following Syrian Detention Camp Takeover

An investigation by the Centre for Information Resilience (CIR) found a sharp increase in pro-Islamic State (IS) activity on Facebook following the Syrian government’s takeover of the Al-Hol detention camp in late January 2026. After Kurdish-led forces withdrew from north-eastern Syria, including Al-Hol, IS supporters used social media to spread propaganda and coordinate logistical and financial assistance for detainees attempting to escape. The activity emerged within days of the transfer of control and coincided with President Ahmed al-Sharaa’s efforts to reassert state authority one year after the fall of the Assad regime.


CIR documented dozens of Facebook accounts openly calling for violence against Syrian government forces and urging armed resistance. Some posts explicitly encouraged supporters to attack security personnel, while others focused on practical support, such as requests for vehicles to transport detainees’ families out of the camp. Financial appeals were also widespread, with pro-IS users soliciting donations from supporters abroad and directing them to private Telegram channels for coordination.


Source: CIR Centre for Information Resilience. Pro-IS propaganda circulates online following Syrian detention camp takeover. [online] Published 5 February 2026. Available at: https://www.info-res.org/cir/articles/pro-is-propaganda-circulates-online-following-syrian-detention-camp-takeover/

Digital Risks for the 2026 Winter Olympics

Ahead of the Milano Cortina 2026 Winter Olympics, the Graphika Team highlighted in a Graphika Blog post that it analyzed online conversations from the past 60 days to assess potential digital risks surrounding the Games and how major sporting events attract influence operations and hacktivist activity. While online discussion remained largely neutral or supportive of the Games, the shift toward controversy-focused narratives created openings for coordinated influence campaigns. IO actors use high-profile events to further their ideological messages or attract engagement. Graphika hasn’t yet seen any known IOs weighing in on the upcoming Games, but will continue to monitor signals related to this threat, as the monitoring and public reporting during the 2024 Paris Games led them to expect that IOs will exploit the Milan Cortina Games. Potential threats include the spread of false or misleading claims about political, security, and even accommodation-related developments, which may be supported by AI-generated content. Additionally, no major hacktivist campaigns have yet targeted the 2026 Winter Olympics. Past events indicate a strong likelihood of cyber disruptions, data leaks, doxing, and DDoS attacks. During the Paris 2024 Olympics, “pro-Russia” and “anti-Zionist” hacktivist groups leaked sensitive athlete data and attacked national websites.


Politico reported that Italian authorities have already thwarted hacking attempts against several embassies and Olympic venues and attributed a series of DDoS attacks to a pro-Kremlin gang that claimed responsibility on Telegram. Security groups tracking these threats have also warned that hackers may be preparing to spread disinformation online to discredit the Games or to launch further cyberattacks on Olympic sites ahead of the Opening Ceremony. The Italian National Cybersecurity Agency (ACN) has embedded experts inside the Milano-Cortina security center, with additional staff at ACN HQ, while coordinating with the IOC, CISA, and other international partners to share real-time threat intelligence.


Source:


Gabbard’s Seizure of Voting Machines Raised Fears of Election Interference

As reported by Politico, while the U.S. midterm elections approached, President Donald Trump intensified questioning election integrity, reviving baseless claims about a "rigged" 2020 vote and urging federal involvement in election administration. These concerns have deepened following revelations that Director of National Intelligence Tulsi Gabbard oversaw the seizure of voting machines in Puerto Rico and appeared at an FBI raid tied to past election fraud allegations. Democratic lawmakers argued that these actions blur the line between foreign intelligence oversight and domestic election matters, raising concerns that the administration may be laying the groundwork to challenge future election outcomes.


Gabbard’s office claimed the investigation uncovered serious cybersecurity vulnerabilities, including cellular modems that could connect machines to foreign networks. However, election security experts and bipartisan lawmakers noted that such vulnerabilities have been publicly documented for years and are extremely difficult to exploit without physical access. They emphasized there is no evidence these issues have ever altered U.S. election results. Critics also pointed to recent cuts to federal programs designed to protect election infrastructure and counter foreign threats to U.S. democracy.


Source: Politico, M. Miller & D. Nickel. Gabbard’s seizure of voting machines heightens concerns of midterm meddling. [online] Published 6 February 2026. Available at: https://www.politico.com/news/2026/02/06/gabbard-trump-election-midterms-voting-integrity-00769768


The Rise of Violent Rhetoric Targeting US Public Officials

New analysis by the Institute for Strategic Dialogue (ISD) found that violent online rhetoric targeting US public officials more than tripled between 2021 and 2025, rising by 241 percent overall with a median monthly increase of 5 percent. Threats intensified around major political events and continued to rise after the 2024 election and presidential transition. Republicans were disproportionately targeted, driven largely by threats against President Donald Trump, who accounted for 47 percent of all violent rhetoric in the dataset. While threats against Democrats also rose, the growth rate for Republicans was far steeper, especially following the July 2024 assassination attempt on Trump.


The study found that most violent rhetoric did not originate from organized extremist groups but from partisan individuals reacting to high-profile news and political controversy. Only a small fraction of cases were linked to extremist organizations, pointing instead to a shift toward decentralized, post-organizational political violence. Inflammatory statements by public officials themselves often acted as catalysts, with supporters directing threats at perceived opponents and fueling cycles of escalation across party lines. Real-world violence further intensified this dynamic, triggering waves of online threats, celebration of attacks, or calls for retaliation. Violent rhetoric remained widespread across major platforms, much of it still accessible despite clear policy violations. Platform dynamics shaped who was targeted: left-leaning platforms such as Reddit and Bluesky hosted more threats against right-wing officials, while X contained a disproportionate share of threats against left-wing figures.


Source: ISD, N. Doctor & K. Keneally & C. Zoschak. ‘Tick tock traitor:’ The rise of violent rhetoric targeting US public officials. [online] Published 3 February 2026. Available at: https://www.isdglobal.org/digital-dispatch/tick-tock-traitor-the-rise-of-violent-rhetoric-targeting-us-public-officials/


Foreign State Disinformation and Cyber Influence Threaten Norway’s Information Space in 2026

The Norwegian Police Security Service’s (PST) National Threat Assessment 2026 outlines a deteriorating security and information environment in Norway, driven largely by hostile state actors employing influence operations, cyber activity, and disinformation as core tools. Russia, China, and Iran are identified as the primary actors, with Russia expected to intensify cyber and influence operations aimed at weakening Norwegian public support for Ukraine, NATO, and Western cooperation, including through targeted disinformation, proxy sabotage, and recruitment via digital platforms. China’s activities are assessed as increasingly cyber-centric, combining cyber espionage, covert influence, and transnational repression to silence critics of the Chinese Communist Party, including through malware disguised as legitimate apps and pressure on diaspora communities. Iran is expected to continue intelligence and influence operations using proxy actors and criminal networks, alongside cyber intrusions and intimidation campaigns targeting dissidents, journalists, and Western- or Israeli-linked interests in Norway.


The report emphasizes that disinformation and influence operations increasingly intersect with extremist ecosystems and digital radicalisation dynamics. Foreign state actors exploit online platforms, fake accounts, AI-generated content, and proxy networks to spread polarising narratives, undermine trust in democratic institutions, and amplify conspiracy theories, sometimes leveraging existing right-wing or anti-government extremist forums as dissemination channels. These activities contribute to a more diffuse and unpredictable threat landscape, where state-driven influence operations, cyber-enabled repression, and extremist propaganda reinforce one another. The assessment highlights that such tactics risk eroding public trust, increasing societal polarisation, and complicating attribution, thereby strengthening hostile actors’ ability to manipulate the information space while remaining below the threshold of overt conflict.


Source: Norwegian Police Security Service (PST). National Threat Assessment 2026. [online] Published February 2026. Available at: https://www.pst.no/wp-content/uploads/2026/02/National-Threat-Assessment-2026.pdf


[CRC Glossary]


The nature and sophistication of the modern Information Environment is projected to continue to escalate in complexity. However, across academic publications, legal frameworks, policy debates, and public communications, the same concepts are often described in different ways, making collaboration, cooperation, and effective action more difficult.


To ensure clarity and establish a consistent frame of reference, the CRC is maintaining a standard glossary to reduce ambiguity and promote terminological interoperability. Its scope encompasses foundational concepts, as well as emerging terms relating to Hostile Influence and Cyfluence.


As a collaborative project maintained with input from the community of experts, the CRC Glossary is intended to reflect professional consensus. We encourage you to engage with this initiative and welcome contributions via the CRC website 











 
 
bottom of page