_edited.png)
.png)
Weekly Report: Cyber-based hostile influence campaigns 18th - 24th August
- CRC
- Aug 27
- 7 min read
[Listen to the Podcast]
[Introduction]
Cyber-based hostile influence campaigns are aimed at influencing target audiences by promoting information and/or disinformation over the internet, sometimes combined with cyber-attacks which enhance their effect. During the 18th to the 24th of August, 2025 we observed, collected and analyzed endpoints of information related to cyber-based hostile influence campaigns (including Cyfluence attacks). The following report is a summary of what we regard as the main events.
This week's intelligence landscape was dominated by Russia's influence operations. Russia employed a spectrum of tactics, from sophisticated AI-generated fakes targeting European diplomacy to imposter news sites aimed at destabilizing Armenia. This digital assault was complemented by a soft-power push, as state-backed media expanded across the Global South to build narratives favorable to Moscow.
[Report Highlights]
● Russian influence networks circulated a fabricated image portraying European leaders as humiliated supplicants waiting in a White House corridor. - NewsGuard
● Russia is running at least two parallel influence campaigns, Storm-1516 and Matryoshka, to destabilize Armenia as it pivots politically toward the West. - NewsGuard
● A Chilean television channel allegedly handed over its entire broadcast signal to the Russian state-backed news broadcaster RT, prompting sanction proceedings from the country's regulator. - BBC Global Disinformation Unit
● British Columbia Wildfire Service formally warned residents about the public safety threat posed by viral, AI-generated fake emergency images. - The Conversation
● Days after meeting with Vladimir Putin, President Trump publicly used the Russian leader's claims about rigged elections to justify his new push against mail-in voting in the U.S. - Politico
● A top Greek communications official has identified disinformation as the "greatest threat faced by modern Western democracies" and a key tool of global extremist movements. - Greek City Times
● The G7 Rapid Response Mechanism developed and delivered a collective response framework to standardize how member states counter FIMI threats. - European External Action Service
[Weekly Review]
Russia Uses AI Fake to Mock European Leaders at Trump Summit
Storm-1516 deploys Imposter News Site targeting the Armenian Government
Assessing Russia’s Asymmetric Media Expansion in the Global South
Digital Wildfires: Countering GenAI Disinformation in Emergency Management
China-Linked APT Targets Taiwan's Web Hosting Sector
Following Putin Meeting, Trump's Plan to Ban Mail-In Ballots Ignites Security Fears
Greece Confronts "Greatest Threat" of Political Fake News
The EEAS's Counter-Interference Posture - ‘A FIMI Toolbox’
Russia Uses AI Fake to Mock European Leaders at Trump Summit
A report from NewsGuard reveals that pro-Kremlin sources are disseminating a sophisticated, AI-generated image to mock European leaders following a White House summit on the war in Ukraine. The fabricated image purports to show the leaders of France, the UK, Germany, Italy, Finland, and the European Commission looking somber and subservient in a corridor, supposedly snubbed by U.S. President Trump. Propagated across Telegram, X, and the Pravda network of websites, the narrative aimed to portray the European delegation as a “coalition of those in waiting.” The analysis confirms the deception, citing the AI detection tool Hive, which found the image to be synthetic with 99.8 percent certainty. This incident is presented as part of a recurring Russian information warfare tactic that targets high-profile diplomatic events to sow discord and project an image of Western weakness.
Source: NewsGuard, Hope Talbot, Aug 19, 2025, NewsGuard Reality Check, [online] Available at: https://www.newsguardrealitycheck.com/p/pro-russian-sources-spread-ai-generated
Storm-1516 deploys Imposter News Site targeting Armenian Government
An investigation by NewsGuard has uncovered a Russian influence operation, identified as Storm-1516, targeting Armenia with destabilizing disinformation. The campaign’s centerpiece is a baseless claim, originating from an imposter news site called EULeaks.eu, that the Armenian Prime Minister’s wife, Anna Hakobyan, embezzled $3.4 million from a children’s cancer charity. This narrative was amplified across multiple social media platforms. The report asserts this is a deliberate effort to undermine Prime Minister Nikol Pashinyan's government as it pivots away from Moscow’s orbit and toward the West. The analysis also reveals the imposter outlet’s tactic of using AI to rewrite articles from legitimate sources to feign authenticity. A parallel Russian campaign, dubbed Matryoshka, was observed simultaneously targeting Armenia with separate disinformation, indicating a multi-pronged assault.
Source: NewsGuard's Reality Check, Eva Maitland, Aug 19, 2025, Russia Targets Armenia Via an Imposter European News Outlet, [online] Available at: https://www.newsguardrealitycheck.com/p/russia-targets-armenia-via-an-imposter
Assessing Russia’s Asymmetric Media Expansion in the Global South
A recent article from the BBC Global Disinformation Unit details how Russian state-backed media outlets RT and Sputnik are expanding their influence across the Global South as they face increasing restrictions in the West. The analysis explains that since Russia’s 2022 invasion of Ukraine prompted bans in the EU, US, and UK, these channels have opened new bureaus and launched services in Africa, Latin America, and the Balkans. This expansion strategically fills a void left by some downsizing Western media outlets. Experts cited in the article describe Russia's approach as a "careful manipulation" that blends some accurate reporting with curated narratives and disinformation to appeal to audiences with anti-imperialist sentiments. According to the analysis, this media push is designed to undermine Western influence, build support for Moscow’s geopolitical agenda, and foster new economic partnerships in a shifting global order.
Source: BBC, Juliana Gragnani and Maria Korenyuk, August 25, 2025, How Russia is quietly trying to win over the world beyond the West, [online] Available at: https://www.bbc.com/news/articles/cm2vr37yd4no
Digital Wildfires: Countering GenAI Disinformation in Emergency Management
An article in The Conversation warns that the proliferation of advanced, accessible generative AI tools presents a growing threat to public safety during emergencies. Citing a recent case where British Columbia’s Wildfire Service had to caution residents about fake, AI-generated fire images, the analysis explains that such content exploits human psychology. People under stress are more susceptible to sensational, emotionally charged information, which can lead to confusion, panic, and the misallocation of resources. The authors argue that this digital disinformation can cause direct harm and disproportionately affects vulnerable populations. To counter this, the article advocates for a comprehensive strategy that includes fostering public media literacy, establishing clear policies for newsrooms using AI, strengthening platform-level fact-checking, and enforcing legal deterrents against the deliberate spread of false information.
Source: The Conversation, August 2025, AI-generated misinformation can create confusion and hinder responses during emergencies, [online] Available at: https://theconversation.com/ai-generated-misinformation-can-create-confusion-and-hinder-responses-during-emergencies-263081
China-Linked APT Targets Taiwan's Web Hosting Sector
According to Infosecurity, Cisco Talos, a newly identified Chinese advanced persistent threat (APT) group (UAT-7237) is targeting web infrastructure providers in Taiwan. Active since 2022, the group focuses on establishing long-term access for data theft and shows a specific interest in victims' VPN and cloud infrastructure.
By compromising web hosting providers, the attackers gain access to sensitive government and corporate data. This allows for long-term espionage and the potential to disrupt critical infrastructure. The campaigns highlight the growing sophistication of state-sponsored cyberespionage and the strategic importance of protecting digital infrastructure to prevent data theft and maintain national security.
Researchers assess with high confidence that UAT-7237 is a distinct Chinese state-backed actor, likely operating as a subgroup of another actor, UAT-5918, but with significant deviations in its tactics. This activity occurs amid escalating Chinese cyber intrusions against Taiwan’s critical infrastructure, as noted by Taiwanese security officials in early 2025.
Source: Infosecurity Magazine, James Coker, Chinese APT Group Targets Web Hosting Services in Taiwan, [online] Available at: https://www.infosecurity-magazine.com/news/chinese-apt-web-hosting-taiwan/
Following Putin Meeting, Trump's Plan to Ban Mail-In Ballots Ignites Security Fears
After meeting with Vladimir Putin in Alaska, President Trump praised the Russian leader and echoed his claims that U.S. mail-in voting had rigged the 2020 election. A subsequent Politico report reveals that just days later, Trump announced his intention to sign an executive order to ban mail-in ballots and some voting machines. This sequence of events has sent shockwaves through the election security community. Officials warn that dismantling modern voting infrastructure creates the very vulnerabilities it claims to solve. Experts argue that mass hand-counting is an unworkable fantasy that would be slow, error-prone, and an "open invitation" for malfeasance. Critics, including lawmakers and state officials, assert that the president's actions, influenced by an adversary known for election interference, dangerously erode faith in the democratic process and hand a strategic gift to those who wish to weaken the United States.
Source: Politico, Maggie Miller, 08/19/2025, Trump and Putin are both criticizing mail-in voting. Election officials are freaking out., [online] Available at: https://www.politico.com/news/2025/08/19/trump-and-putin-are-both-criticizing-mail-in-voting-election-officials-are-freaking-out-00515513
Greece Confronts "Greatest Threat" of Political Fake News
In mid-August, a false story alleging that Greek Prime Minister Kyriakos Mitsotakis’s wife had purchased a luxury apartment was published online, only to be retracted under the threat of legal action. This incident, according to a Greek City Times article, exemplifies the "almost daily" slanderous attacks faced by the couple. The Prime Minister's Director of Digital Communication, Nikos Romanos, describes this tactic as part of a broader disinformation problem that constitutes the greatest threat to Western democracies. These campaigns exploit platforms from X to YouTube, promoting conspiracy theories on topics ranging from personal matters to national crises like the recurring summer wildfires. Romanos warns that while many stories seem absurd, they remain dangerous, highlighting legal recourse as one of the only effective countermeasures against anonymous online actors.
Source: Greek City Times, Bill Giannopoulos, August 25, 2025, Fake News Campaigns Target Greek PM Mitsotakis and Wife, [online] Available at: https://greekcitytimes.com/2025/08/25/fake-news-campaigns-target-greek-pm-mitsotakis-and-wife/
The EEAS's Counter-Interference Posture - ‘A FIMI Toolbox’
A 2024 report from the European External Action Service (EEAS) details the European Union’s comprehensive strategy for combating Foreign Information Manipulation and Interference (FIMI), a threat increasingly amplified by AI-driven tools. The EEAS frames its response around a four-pillar FIMI Toolbox, focusing on situational awareness, resilience building, regulation, and external diplomatic action. Central to this effort in 2024 was protecting the European Parliament elections through enhanced cooperation via the Rapid Alert System. The EEAS highlights significant progress in operationalizing tools like the FIMI Information Sharing and Analysis Centre (FIMI-ISAC) to unite civil society responders and expanding the reach of the EUvsDisinfo platform to over 38 million people. The EU also intensified its global posture, leading the G7 Rapid Response Mechanism, signing new security partnerships with FIMI components, and applying sanctions against Russian propaganda entities to defend the integrity of the EU’s information space and support partners like Ukraine.
Source: European External Action Service (EEAS), European External Action Service (EEAS), August 2025, 2024 Report on EEAS Activities to Counter Foreign Information Manipulation and Interference (FIMI), [online] Available at: https://www.eeas.europa.eu/sites/default/files/2025/documents/2024 Report on EEAS Activities to Counter FIMI.pdf
[Takeaways]
When state actors can successfully inject and legitimize fabricated information at the highest political levels, it erodes the ability of institutions and the public to engage in evidence-based decision making. This creates a strategic vulnerability where policy and public safety become susceptible to manipulation by whichever narratives are most effectively propagated, regardless of their connection to facts.
Russia's multi-front Hostile Information Campaigns were met with institutional responses from the EU, yet a Russian narrative was simultaneously adopted as policy by the U.S. president. The core implication is a growing strategic asymmetry between offensive and defensive actions in the information domain. While Western responses like the 'FIMI toolbox' are designed to build resilience methodically, adversaries appear to be securing strategic victories by exploiting the political dynamics within open democracies. This raises critical questions about whether the current Western counter-influence posture is adequately calibrated to address threats that are not just informational but profoundly political.
