di Giovanni Ramunno – The geopolitical environment has become increasingly hostile, marked by an aggressive use of information manipulation as part of a hybrid arsenal to influence political and societal developments.
Russian state and pro-Kremlin affiliated actors coordinate to conduct FIMI (1) attacks. These operations are carried out through Russian diplomatic networks and security services, state-controlled media, social media channels, private companies and local proxies, used in an integrated manner to multiply and amplify each other.
The recognition of FIMI as a structured, strategic phenomenon represents an important evolution in the policy, legal, and operational response to foreign-led disinformation, influence campaigns, and hybrid threats. The defining characteristic of FIMI is the use of manipulative techniques rather than mere expression of opinion or dissemination of propaganda. These techniques include, but are not limited to, the distortion or fabrication of information, the artificial amplification of narratives via inauthentic accounts or bots, the impersonation of trusted entities, and the orchestration of cross-platform campaigns that exploit the vulnerabilities of open information ecosystems.
The 1st report on FIMI introduced the FIMI Methodology, a groundbreaking analytical framework that established a standardised approach for investigating FIMI activities based on open source analysis.(2) The modern threat landscape compels organizations to consider the information space as a new frontier of geopolitical conflict and institutional vulnerability.
The 2nd report on FIMI put forward a Response Framework to FIMI threats, detailing strategies for coordinated responses among the EU and its partners, including against FIMI campaigns targeting democratic processes like elections.(3)
The 3rd report on FIMI threats presents the FIMI Exposure Matrix, an instrument to reveal the connections between digital channels used in FIMI activities and the underlying infrastructure of threat actors.(4)
FIMI operations are particularly insidious because they exploit the openness of liberal democratic societies, where freedom of speech, press, and political expression are constitutionally protected, and turn these values into vectors for manipulation. FIMI is a pattern of behaviour that threatens or has the potential to negatively impact values, procedures and political processes. Such activity is manipulative in character, conducted in an intentional and coordinated manner.(5)
The resilience of democracy in the 21st century will depend on our ability to identify, understand, and counteract the manipulative tactics embedded within FIMI operations, before they achieve their intended effect.(6)
For this reason, on 7 February 2023 High Representative/Vice-President of the European Union Josep Borrell announced the creation of an Information Sharing and Analysis Centre at the EEAS Conference on Foreign Information Manipulation and Interference. The Centre promotes the sharing of information between all stakeholders about root causes, incidents and threats, and the sharing of experience, knowledge and analysis.(7)
Russia’s approach to the weaponisation of information to advance its geopolitical objectives is complex, longterm, and employs both state and non-state structures. The concept of “information confrontation” (Информационное противоборство) is central to Russian doctrine, where information is both the weapon and the environment.
Russia utilizes information-suppression tactics within the EU through Foreign Information Manipulation and Interference (FIMI) campaigns. These campaigns aim to undermine democratic processes, erode trust in institutions, and influence public opinion. A key tactic is the creation and dissemination of disinformation, including through AI-generated content and the exploitation of social media platforms.(8)
The manipulative attempts confirm that democratic elections are among the prime targets for Russian FIMI operations.
FIMI attacks were not limited to countries but also targeted organisations and individuals. The EU, NATO, independent media outlets and FIMI defenders were among the most attacked.
Social media platforms remained the hotbed of FIMI activity, with X alone accounting for 88% of the detected activity. Key tactics, techniques and procedures (TTPs) included bot networks and coordinated inauthentic behaviour, as well as the impersonation and creation of inauthentic news websites, such as in the so-called Doppelgänger Campaign. Advances in the use of generative Artificial Intelligence provided threat actors with a low-cost option to create inauthentic content and increase the scale of FIMI activities.
They also attempt to legitimise disinformation through fake fact-checking initiatives, such as by launching the alleged “Global Fact-Checking Network” (9) in 2024.
Stirring nationalist and antiimmigrant sentiments, and exaggerating economic disparities alongside political divisions. Additionally, it fuels cultural tensions over issues like LGBTQ+ rights and minority rights, and it questions the competency of Western defence systems.
Investigations by the EEAS reveal that:
- Over 500 FIMI incidents took place across 2024
- Threat actors used at least 25 different platforms and at least 38, 000 different accounts were involved in FIMI activities
- 322 organisations have been targeted by FIMI operations
FIMI incidents in 2024 were spread across 90 different countries.(10)
EU started elaborating on hybrid threat during 2014.(11)
The European Union’s strategic documents, including the “Joint Framework on countering hybrid threats” (12) and the “Action Plan against Disinformation,” (13) have laid the groundwork for a comprehensive response to FIMI. The introduction of the Code of Practice on Disinformation (14), and more recently, the Digital Services Act (DSA) (15), reflect an emerging normative consensus that platform accountability, algorithmic transparency, and systemic risk assessment are essential tools in the fight against FIMI. Under the DSA, very large online platforms (VLOPs) are now required to identify and mitigate systemic risks, including those arising from foreign information manipulation.
Social media platforms are used to spread propaganda, coordinate influence campaigns, and target specific individuals or groups. The use of AI to generate fake news and deepfakes further complicates efforts to detect and counter FIMI.
The European Board for Digital Services (the “Board”) is composed of the Member States’ Digital Services Coordinators and chaired by the European Commission. The Board is an independent advisory group that has been established by the Digital Services Act, with effect from 17 February 2024 contributing to the consistent application of the Digital Services Act.
On 13 February 2025, the Commission and the European Board for Digital Services endorsed the integration of the 2022 Code of Practice on Disinformation into the framework of the DSA, therefore becoming the Code of Conduct on Disinformation.(16)
The G7 Rapid Response Mechanism (RRM), established in 2018, plays a central role in coordinating responses to state-sponsored disinformation and FIMI campaigns. G7 summits have consistently called for enhanced information-sharing, attribution, and joint countermeasures against malicious influence operations.(17)
Central to the efforts to counter FIMI threats is also the work of EUvsDisinfo, a flagship EEAS project led by the East StratCom Task Force, which since 2015 has been monitoring, analyzing, sharing, and raising awareness about disinformation activities carried out by the Kremlin across Europe.(18)
Bibliografia
- La guerre de l’information : les États à la conquête de nos esprits by David Colon, Publication Date: 2023
- La grande confrontation : comment Poutine fait la guerre à nos démocraties by Raphaël Glucksmann, Publication Date: 2023
- Russia’s war on everybody: and what it means for you by Keir Giles; Publication Date: 2022
- Disinformation, narratives and memory politics in Russia and Belarus by Agnieszka Legucka and Robert Kupiecki, Publication Date: 2022
- The weaponisation of everything: a field guide to the new way of war by Mark Galeotti, Publication Date: 2022
- Disinformation crossing borders: the multilayered disinformation concerning the war in Ukraine by Mihaela Daciana Natea, Publication Date: 2022
- Russian disinformation efforts on social media by Elina Treyger, Joe Cheravitch, Raphael S. Cohen; RAND Corporation Open access, Publication Date: 2022
- Tyrants on Twitter: protecting democracies from information warfare by David L. Sloss, Publication Date: 2022
- Hybrid warfare: security and asymmetric conflict in international relations by Mikael Weissmann, Niklas Nilsson, Björn Palmertz and Per Thunholm Open access, Publication Date: 2021
- The world information war: western resilience, campaigning, and cognitive effects by Timothy Clack and Robert Johnson, Publication Date: 2021
- Russia today and conspiracy theories: people, power and politics on RT by Ilya Yablokov and Precious N. Chatterje-Doody, Publication Date: 2021
- How to lose the information war: Russia, fake news, and the future of conflict by Nina Jankowicz, Publication Date: 2020
- Democracy and fake news: information manipulation and post-truth politics by Serena Giusti and Elisa Piras Open access, Publication Date: 2020
- This is not propaganda: adventures in the war against reality by Peter Pomerantsev, Publication Date: 2020
- Lie machines: how to save democracy from troll armies, deceitful robots, junk news operations, and political operatives by Philip N. Howard, Publication Date: 2020
- Cover ArtMoscow rules: what drives Russia to confront the West by Keir Giles, Publication Date: 2019
- Information wars: how we lost the global battle against disinformation and what we can do about it by Richard Stengel, Publication Date: 2019
- Artificial intelligence, China, Russia, and the global order by Shazeda Ahmed; Nicholas D. Wright; Air University (U.S.) Open access, ISBN: 9781585662951, Publication Date: 2019
- Russian social media influence: understanding Russian propaganda in Eastern Europe by Todd C. Helmus, Elizabeth Bodine-Baron, Andrew Radin, Madeline Magnuson, Joshua Mendelsohn, William Marcellino, Andriy Bega, Zev Winkelman, Publication Date: 2018
- The devil is in the details: Information warfare in the light of Russia’s military doctrine by Jolanta Darczewska, Publication Date: 2015
Abbreviation Description
FIMI: (Foreign) Information manipulation and interference describe a mostly non-illegal pattern of behaviour that threatens or has the potential to negatively impact values, procedures, and political processes. Such activity is manipulative, conducted intentionally, and coordinated by state or non-state actors, including their proxies inside and outside their territory.
TTP’s: In the context of FIMI, “Tactics, Techniques, and Procedures” are patterns of behaviour used by threat actors to manipulate the information environment to deceive. Tactics describe operational goals that threat actors are trying to accomplish. Techniques are actions explaining how they try to accomplish it. Procedures are the specific combination of techniques across multiple tactics (or stages of an attack) that indicate intent and may be unique for different threat actors.
DISARM Framework: Disinformation Analysis and Risk Management is an open-source framework designed to describe and understand the behavioural parts of FIMI/disinformation. It sets out best practices for fighting disinformation through sharing data & analysis and can inform effective action. The Framework has been developed, drawing on global cybersecurity best practices.
OpenCTI: The Open Cyber Threat Intelligence Platform is a platform for processing and sharing knowledge for cyber threat intelligence purposes. It was developed by the French National Cybersecurity Agency (ANSSI) and the CERT-EU (Computer Emergency Response Team of the European Union).
STIX 2.1: Structured Threat Information Expression (STIX™) is a data format for encoding and exchanging cyber threat intelligence (CTI) and sharing insights on FIMI incidents.
Kill Chain: The Kill Chain is a model breaking down multiple stages of an attack perpetrated by a malign actor, allowing analysts to predict, recognise, disrupt or prevent the attack.
It was originally a military concept further adapted for cybersecurity and can be applied to FIMI, too.
FOOTNOTES
1) Foreign Information Manipulation and Interference, a concept increasingly recognized as a significant threat to democratic processes and societal stability within the European Union and globally.
2) 1st EEAS Report on Foreign Information Manipulation an Interference Threats February 2023 https://www.eeas.europa.eu/sites/default/files/documents/2023/EEAS-DataTeam-ThreatReport-2023..pdf
3) 2nd EEAS Report on Foreign Information Manipulation an Interference Threats February 2023 January 2024 https://www.eeas.europa.eu/sites/default/files/documents/2024/EEAS-2nd-Report%20on%20FIMI%20Threats-January-2024_0.pdf
4) The 3rd EEAS Report on Foreign Information Manipulation and Interference (FIMI) Threats maps out the digital infrastructure deployed by foreign actors, mainly by Russia, but also by China, to manipulate and interfere in the information space of the EU and partner countries. March 2025. https://www.eeas.europa.eu/sites/default/files/documents/2025/EEAS-3nd-ThreatReport-March-2025-05-Digital-HD.pdf
5) Information Integrity and Countering Foreign Information Manipulation & Interference (FIMI) https://www.eeas.europa.eu/eeas/information-integrity-and-countering-foreign-information-manipulation-interference-fimi_en
6) Foreign Information Manipulation and Interference (FIMI) https://www.disinformation.ch/EU_Foreign_Information_Manipulation_and_Interference_(FIMI).html#:~:text=FIMI%20Toolbox%20is%20the%20Toolbox,to%20better%20address%20emerging%20threats
7) Foreign Information Manipulation and Interference (Fimi) – Information Sharing and Analysis Centre (Isac) https://fimi-isac.org/index.html
8) Cross-platform influence operation: A2Z, p. 28 https://cdn.openai.com/threat-intelligence-reports/influence-and-cyber-operations-an-update_October-2024.pdf
9) Global Fact Checking https://globalfactchecking.com/
10) Inside the infrastructure of Foreign Information Manipulation and Interference (FIMI) operations https://www.eeas.europa.eu/eeas/inside-infrastructure-foreign-information-manipulation-and-interference-fimi-operations_en
11) An overview of the sanctions adopted by the EU in response to Russia’s war of aggression against Ukraine, its human rights violations, hybrid threats, and illegal annexation of Crimea and of the Donetsk, Luhansk, Zaporizhzhia and Kherson regions of Ukraine. https://www.consilium.europa.eu/en/policies/sanctions-against-russia/timeline-sanctions-against-russia/
12) Brussels, 6.4.2016 JOIN(2016) 18 final Joint Communication to the European Parliament and the Council Joint Framework on countering hybrid threats, a European Union response https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52016JC0018 e Brussels, 26.4.2018 COM/2018/236 final – Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Tackling online disinformation: a European Approach https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52018DC0236
13) Brussels, 5.12.2018 JOIN(2018) 36 final – Joint Communication to the European Parliament, The European Council, The Council, The European Economic and Social Committee and The Committee of The Regions. Action Plan against Disinformation https://www.eeas.europa.eu/sites/default/files/action_plan_against_disinformation.pdf
14) Established in 2018, it was significantly strengthened in 2022, with the aim of becoming recognised as a Code of Conduct under the Digital Services Act (DSA).
15) Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022R2065
16) Codes of conduct under the Digital Services Act https://digital-strategy.ec.europa.eu/en/policies/dsa-codes-conduct
17) G7 Rapid Response Mechanism Annual Report 2021 https://www.international.gc.ca/transparency-transparence/rapid-response-mechanism-mecanisme-reponse-rapide/2021-annual-report-rapport-annuel.aspx?lang=eng#a4_4
18) EUvsDisinfo https://euvsdisinfo.eu/it/
***
Giovanni Ramunno, former General of the Italian Army, is a member of the scientific committee of the Gino Germani Institute and a journalist.