The Russian covert influence network CopyCop has significantly expanded its disinformation campaign, establishing over 200 new fictional media websites since March 2025.
This expansion represents a marked escalation in Russian information warfare efforts, targeting democratic nations with sophisticated artificial intelligence-driven content generation and increasingly polished deception tactics.
CopyCop, also designated as Storm-1516, operates as a cornerstone of Russia’s broader influence operations ecosystem.
The network functions through a coordinated infrastructure of fake media outlets, fictional fact-checking organizations, and impersonation websites designed to undermine Western democratic institutions and erode international support for Ukraine.
Combined with previously documented operations, the network now operates over 300 websites established throughout 2025, demonstrating unprecedented scale and reach in Russian influence operations.
Recordedfuture analysts noted that these websites serve dual purposes within CopyCop’s operational framework.
.webp "Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France 2")
First, they disseminate targeted influence content prepared by the Moscow-based Center for Geopolitical Expertise and network operator John Mark Dougan.
Second, they publish large quantities of artificial intelligence-generated content featuring pro-Russian, anti-Ukrainian, and anti-Western narratives designed to poison the global information environment.
The network’s infrastructure demonstrates sophisticated technical implementation and operational security measures.
CopyCop operators register domains in coordinated batches across linked infrastructure, maintaining dormant websites that passively generate content until activated for targeted campaigns.
This approach provides operational flexibility while building credibility through sustained content publication across multiple fictional media brands.
The network’s geographic expansion includes new targeting of Canada, Armenia, and Moldova, while sustaining established operations against the United States and France.
CopyCop has diversified its linguistic reach, publishing content in Turkish, Ukrainian, and Swahili languages never previously featured by the operation.
These developments reflect strategic adaptation to maximize audience engagement and exploit regional political vulnerabilities.
Self-Hosted Large Language Model Infrastructure
CopyCop’s most significant technical evolution involves the deployment of self-hosted, uncensored large language models based on Meta’s Llama 3 architecture.
This represents a deliberate shift away from commercial Western AI services, addressing operational security concerns while enabling unrestricted content generation aligned with Russian propaganda objectives.
Technical analysis reveals CopyCop operators utilize either the dolphin-2.9-llama3-8b or Llama-3-8B-Lexi-Uncensored models, both popular uncensored variants available through open-source platforms like HuggingFace.
.webp "Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France 3")
Evidence supporting this assessment includes operational artifacts found within published articles, such as knowledge cutoff references to January 2023 and inconsistent JSON output formatting that suggests model performance degradation typical of “abliterated” or uncensored language models.
The network’s technical infrastructure includes sophisticated deployment mechanisms revealed through John Mark Dougan’s inadvertent exposure during French media interviews.
Video footage captured Python scripts utilizing the Ollama inference framework, specifically including functions named restart_ollama() that demonstrate operational deployment of local language model instances.
This infrastructure operates from Russian-controlled servers, with GRU financial backing supporting the computational resources required for sustained content generation.
# Example code structure observed in CopyCop operations
def restart_ollama():
# Restart local LLM inference service
subprocess.call(['systemctl', 'restart', 'ollama'])
return TrueThe technical implementation creates significant operational advantages for CopyCop’s content generation capabilities.
Self-hosted models eliminate external dependencies on Western AI service providers while enabling fine-tuning on Russian state media content provided by TASS and other Kremlin-aligned sources.
However, this approach introduces performance constraints, as evidenced by frequent operational security failures including exposed LLM artifacts in published content and structured output formatting errors that betray automated generation.
Recordedfuture researchers identified specific instances where CopyCop articles contained explicit model instructions, such as disclaimers stating “Please note that this rewrite aims to provide a clear and concise summary of the original text while maintaining key details” and metadata referencing “objective and factual” tone requirements.
These artifacts demonstrate the network’s ongoing challenges in maintaining operational security while scaling content production through automated systems.
The infrastructure expansion enables CopyCop to produce content at unprecedented scale while targeting multiple audiences simultaneously.
The network maintains regionalized subdomain structures, such as the “Truefact” cluster featuring africa.truefact.news for Swahili content, turkey.truefact.news for Turkish audiences, and ukraine.truefact.news for Ukrainian-language disinformation.
This approach maximizes content distribution while providing resilience against individual domain takedowns through mirrored hosting across multiple subdomains.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
