Red Hot Cyber

Russian influence network CopyCop creates over 300 websites to spread disinformation


Redazione RHC : 20 September 2025 08:45

Since March 2025, Insikt Group of Recorded Future observed CopyCop (also known as Storm-1516), a covert Russian influence network, creating at least 200 new fake media websites targeting the United States, France, and Canada, as well as websites impersonating media brands, parties, and political movements in France, Canada, and Armenia.

CopyCop also created a regionalized network of websites posing as a fictitious fact-checking organization, publishing content in Turkish, Ukrainian, and Swahili, languages never before featured on the network. Including the 94 German-facing websites reported by Insikt Group in February 2025, this adds up to over 300 websites created by CopyCop operators since the beginning of the year, marking a significant expansion from our initial reporting of the network in 2024, and with many websites yet to be publicly documented.

These websites are most likely operated by John Mark Dougan with the support of the Moscow-based Center for Geopolitical Expertise (CGE) and the General Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

CopyCop uses these websites as infrastructure to spread influencer content targeting the pro-Western leadership and publish artificial intelligence (AI)-generated content with pro-Russian and anti-Ukrainian themes in support of Russia’s offensive operations in the global information landscape.

Although the network’s reach in terms of languages and target countries has expanded, its primary objectives almost certainly remain unchanged: weakening support for Ukraine and exacerbating political fragmentation in Western countries that support it. Insikt Group also noted that CopyCop pursues secondary objectives, such as advancing Russia’s geopolitical goals in its broader sphere of influence, including Armenia and Moldova. CopyCop’s narratives and content supporting these goals are regularly amplified by an ecosystem of social media influencers, as well as by other Russian influence networks such as Portal Kombat and InfoDefense.

Similar to its goals, CopyCop’s tactics, techniques, and procedures (TTPs) remain largely unchanged, with marginal improvements aimed at strengthening the network’s reach, resilience, and credibility. The tactics and techniques used to disseminate content typically include deepfakes, lengthy dossiers aimed at embarrassing targets, and fake interviews with alleged whistleblowers who make statements about political leaders of NATO member states such as the United States, France, and Germany.

Insikt Group also found new evidence that CopyCop uses self-hosted, uncensored large language models (LLMs), based on Meta’s open-source Llama 3 models, to generate AI content, rather than relying on Western AI providers.

Compared to other Russian influence networks, CopyCop’s impact remains significant: targeted influencer content promoted by its websites and an ecosystem of pro-Russian social media influencers and so-called “journalists” regularly achieves high organic engagement rates across multiple social platforms and has a precedent for intruding into mainstream political debate. Identifying and publicly denouncing these networks should remain a priority for governments, journalists, and researchers seeking to defend democratic institutions from Russian influence.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
