Threat Advisory

CopyCop Campaign uses LLMs and Deepfakes to Manipulate Fake Websites

Threat: Malicious Campaign
Targeted Region: U.S., France, Canada, Armenia, Moldova & Ukraine
Targeted Sector: Technology & IT, Government & Defense
Criticality: High


EXECUTIVE SUMMARY:

CopyCop, a covert Russian influence network, has significantly expanded its operations. The network has established numerous fictitious media websites targeting countries including the United States, France, Canada, Armenia, Moldova, and Ukraine. These sites are designed to disseminate pro-Russian narratives and undermine support for Ukraine, while also attempting to destabilize political landscapes in Western nations and neighboring regions.

CopyCop's operations involve the creation of fake media outlets and political movements, often impersonating established media brands and political parties. The network employs deepfakes, fabricated dossiers, and fake interviews to enhance the credibility of its content. Notably, CopyCop has begun utilizing self-hosted, uncensored large language models (LLMs) based on Meta's Llama 3 open-source models to generate AI-driven content, moving away from reliance on Western AI service providers. The network's content is amplified by pro-Russian social media influencers and other Russian influence networks, achieving significant organic engagement across various platforms.

The expansion of CopyCop's operations underscores a deliberate strategy to influence public opinion and political landscapes in both Western and neighboring countries. The use of advanced AI tools and content manipulation techniques enhances the network's ability to disseminate its narratives effectively. It is crucial for governments, media organizations, and other affected organizations to remain vigilant, monitor emerging threats, and implement measures to counteract the influence of such covert operations.


THREAT PROFILE:

Tactic                Technique Id  Technique                        Sub-technique
Reconnaissance        T1592.001     Gather Victim Host Information   Hardware
Resource Development  T1583.001     Acquire Infrastructure           Domains
Initial Access        T1195.002     Supply Chain Compromise          Compromise Software Supply Chain
Execution             T1204.002     User Execution                   Malicious File
Defense Evasion       T1564.001     Hide Artifacts                   Hidden Files and Directories
Command and Control   T1071.001     Application Layer Protocol       Web Protocols


REFERENCES:

The following reports contain further technical details:
