By VIGINUM
This report is based on the analysis of 77 information operations documented by VIGINUM and conducted by Storm-1516 between its supposed date of appearance and 5 March 2025. It details the main narratives and content being used, their distribution chain, and the foreign actors involved in conducting the IMS.
Storm-1516’s main objective seems to be to discredit the Ukrainian government, most likely to lead to the suspension of Western aid to Ukraine in the context of Russia’s invasion of its territory. At the same time, the IMS directly targets European leaders and their entourage, particularly during election periods in France, the United States and Germany. To do this, the IMS generally disseminates deepfakes and videos of varying quality, sometimes using amateur actors.
Storm-1516’s distribution chain is particularly complex and has evolved over time. It is characterised by the initial dissemination of content through burner accounts controlled by the operators, or through paid accounts, likely supported by the laundering of the narrative through foreign media. The false stories are then amplified by a network of pro-Russian actors and by other IMS. These tactics demonstrate the extent of the efforts made by the operators to give credibility to the narratives, but also the strong coordination and sometimes overlap between Storm-1516 and other Russian IMS, including Project Lakhta and CopyCop.
VIGINUM’s investigations, based on open source intelligence (OSINT), confirm the involvement of individuals and organisations close to the Russian government, including John Mark DOUGAN, a former American police officer exiled in Russia, as well as members of the PRIGOZHIN and DUGIN ecosystems. VIGINUM was also able to obtain additional information on Yury KHOROSHENKY, a potential officer of the GRU Unit 29155 who has been publicly accused of financing and coordinating Storm-1516.
In light of this, VIGINUM considers that Storm-1516’s activities meet the criteria of a foreign digital interference, and represent a significant threat to the digital public debate, both in France and in all European countries. The IMS is very likely to keep conducting IOs targeting France in 2025, and to evolve further adapt its tactics, techniques and procedures to avoid detection and hinder the monitoring and technical attribution of its activities.
The full report in PDF is here.
