Time to take a step forward from analysis to a collective response

29 January, 2024

The latest EEAS report on FIMI threats reveals how foreign powers are systematically undermining democracies. This is not just an attack on facts, but a strategic thrust against our institutions and societal fabric, exploiting everything from elections to global crises and influential figures.

The European External Action Service (EEAS) has released its second report on Foreign Information Manipulation and Interference (FIMI) threats. Read the full report here(opens in a new tab).

The latest report has meticulously documented over 750 incidents of FIMI, painting a stark picture of widespread, targeted manipulation and disinformation campaigns. This second iteration builds on the earlier report’s conceptual framework while adding concrete steps for analysis and collective response.

The report highlights the breadth and depth of these attacks, encompassing 149 organisations, including influential media, and 59 individuals, including high-profile leaders such as Ukrainian President Volodymyr Zelensky, underscoring an alarming escalation in the strategic targeting of state figures and vulnerable communities.

Russia, obviously, but there are others too

The report emphasises the relentless, systematic, strategic and carefully orchestrated efforts of foreign powers to distort shared reality, deliberately sow chaos, and fuel societal conflict. These threat actors incessantly continue their campaigns of influence and interference against our societies and interests.

They are not merely spreading manipulations and disinformation; they are waging a sophisticated war on facts and truth, seeking to fragment unity, instigate fear, and breed hatred, thereby eroding the very foundations of our democratic societies and institutions.

The most obvious example of the threat actors in this space is Russia – among other things, by trying to justify its war of aggression against Ukraine. We know this threat actor and its ‘industry of lies(opens in a new tab)’ well, as we have been informing the public about pro-Kremlin manipulations for almost nine years now.

However, other actors such as China, that we have mentioned numerous times on the pages of EUvsDisinfo, also engage in the intentional manipulation of public conversations.

Russian hand in Spanish elections

The run-up is now beginning to Europeans elections in June 2024. So a timely example of Russian interference concerns the pro-Kremlin FIMI ecosystem’s meddling with Spanish elections in 2023.

In that case, a Russian government Telegram account initially promoted a list of channels later used for disinformation activities. Then a pro-Russian hacktivist network released data that it falsely claimed had leaked from Spanish and European websites, a tactic to undermine trust in these entities.

During the elections, misleading content, including fake ballots and a hoax about a terrorist attack, was circulated to sow confusion. After the elections, a video on a mirrored YouTube account of the sanctioned RT outlet in Spanish claimed that Spain’s political direction was controlled by external powers like the EU, NATO, and certain countries. It was another example of the ‘lost sovereignty’ narrative that pro-Kremlin manipulators constantly tap into.

Ukraine is the top target, but no one is immune

The report’s findings are based on an analysis covering a sample of over 750 FIMI incident cases investigated between 1 December 2022 and 30 November 2023. The cases were collected by the EEAS and analysed following the methodology outlined in the first EEAS Report on FIMI Threats.

Like in last year’s report, Ukraine remains the top target of FIMI operations undermining the country’s stability and security, with 160 documented cases. This finding is supported by EUvsDisinfo’s disinformation database, which currently hosts over 7,000 disinformation cases linked to Ukraine.

Nevertheless, no one was immune and threat actors attacked targets across the globe. Altogether, 149 different organisations were targeted over 300 times. Victims included the EU and its member states, NATO, well-known media outlets such as Reuters and The New York Times, civil society actors, and others.

The EUvsDisinfo database provides further confirmation on the identified key targets, as the database has 3,300 cases linked to NATO and more than 3,100 cases related to the European Union.

Targeting state leaders and vulnerable communities

Attacks also focussed on 59 individuals ranging from the leaders of the European Union and its member states to foreign leaders such as Ukrainian President Volodymyr Zelenskyy. President Zelenskyy has also been identified as a key target in EUvsDisinfo articles, including this one, and in our database with more than 300 disinformation cases connected to him.

Gender-based and anti-LGBTIQ+ FIMI attacks were also recorded during this past year and show a worrying trend of hostile actors targeting vulnerable groups and communities. This was documented in the recent EEAS report, ‘FIMI targeting LGBTIQ+ people: Well-informed analysis to protect human rights and diversity(opens in a new tab)‘ and by EUvsDisinfo with articles such as this one and a recently published video(opens in a new tab) covering the topic.

Piggybacking on celebrities and global events

FIMI attacks involved globally known celebrities, including movie actress Margot Robbie, who saw their voices, statements, and faces maliciously used in FIMI incidents with the intention to reach new and wider audiences.

Not surprisingly, threat actors attempt to exploit events that draw global attention. The report found that in more than one fifth of investigated incidents, threat actors opportunistically piggybacked off emergencies, elections, summits and other high-profile happenings to manipulate narratives and to hijack attention strategically.

Uncovering cross-platform coordination

Cross-platform coordination is the usual way of operating for threat actors in investigated FIMI incidents.

This tactic is used to spread a message more effectively and to create a false impression of widespread discussion or interest. The process typically involves initially seeding content on one platform, then amplifying it through coordinated sharing and discussion across various other platforms. This can help obscure the original source of the information and make it appear more credible or widely accepted.

One example of the Kremlin’s use of cross-platform coordination was reported in this EUvsDisinfo piece that covered the pro-Kremlin ecosystem spreading lies about Ukrainian children.

According to the report, more than 4,000 channels tied to known FIMI actors were active 9,800 times across 750 investigated incidents. Channels in this case can be websites or social media profiles, groups, and pages. The platforms most often involved in the cases were Telegram and X (formerly Twitter). Nevertheless, FIMI activity was observed on virtually all other big, new, and niche platforms.

It takes a community to respond to FIMI

Each one of us, from policymakers to tech giants, non-governmental organisations and individuals alike, has a role to play in safeguarding the integrity of information vital to open societies and their core functions, like democratic elections. The latest EEAS report on FIMI threats lays a path from fragmented efforts to a networked defence and shared responses.

The Report’s central call for all relevant actors is to move from leveraging shared information into collaborative and collective responses. This can be supported by linking analysis and insights even more effectively to timely responses. The report also highlights the importance of cooperation between all stakeholders who hold key instruments to respond to the intentional manipulation of the information environment.

We at EUvsDisinfo and our colleagues at EEAS and other EU institutions are part of this community response and continue to protect information integrity in numerous ways. These ways include, but are not limited to, raising awareness on FIMI and disinformation; exposing threat actors and their methods; helping partners in building their capacities; sharing information, tools and best practices; and defending as a network while responding as a community.

The second EEAS report of Foreign Information Manipulation and Interference can be read and downloaded in full here(opens in a new tab).

Registration Form

It should contain at least one upper-case letter and number.
It should contain at least one upper-case letter and number.
It should contain at least one upper-case letter and number.
It should contain at least one upper-case letter and number.
This website has been produced with the assistance of the European Union. Its contents are the sole responsibility of the Information Integrity Coalition and do not necessarily reflect the views of the European Union.