Matryoshka
Matryoshka is a Russian disinformation and influence operation first identified in 2024 and linked in the reporting to the Moscow-based Social Design Agency and broader Kremlin influence activity. The operation has targeted Moldova, Ukraine-related narratives, France, Armenia, Romania, EU countries, and the 2024 Paris and 2026 Milano-Cortina Olympics. Its described objectives include eroding support for Ukraine, swaying public opinion and elections, discrediting Western institutions and major events, and amplifying false narratives favorable to Russian state interests.
The operation specializes in fabricated content that imitates legitimate Western media outlets, including Reuters, France 24, CBC, Euronews, and OK! magazine. Reported tactics include fake articles, fake news videos, AI-generated and AI-doctored media, AI voice cloning, impersonation of media brands and public officials, bot-network amplification across Twitter/X, Bluesky, TikTok, Telegram, Facebook, Instagram, and YouTube, and direct outreach to journalists and fact-checkers to draw attention to false content so it will be debunked and further amplified. Researchers cited in the reporting state that Russian outlets then reference the fabricated material to falsely suggest the narratives originated in the West.
Specific activity in the reporting includes 39 fabricated narratives targeting Moldova over a three-month period ahead of parliamentary elections; anti-Maia Sandu influence content, often described as misogynistic in tone; expansion to YouTube; and a Bluesky campaign in which hundreds of real accounts were hijacked to post fake articles and videos. During the Milano-Cortina 2026 Winter Olympics, Matryoshka reportedly used AI voice cloning to fabricate CBC and Euronews-style segments, including false claims about Ukrainian athletes being segregated in the Olympic Village.
The reporting also notes prior campaigns aimed at discrediting preparations for the Paris 2024 Olympics and a USAID-themed disinformation effort. Known aliases and linked entities directly mentioned in the reporting include Matryoshka and the Social Design Agency. The reporting consistently characterizes the operation as Russian/Kremlin-linked.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Media & Entertainment
Where they target
Geographies tied to known operations.
- 🇨🇦 Canada
Tradecraft
9 distinct techniques observed across reporting, grouped by tactic.
Recent activity
11 sources tracked across advisories, community write-ups, and news.
Influence operation using AI voice cloning and fabricated broadcast segments to spread false narratives during major sporting events.
Pro-Kremlin propaganda campaign that hijacked real Bluesky users' accounts to post fake content since 2024.
Russian influence operation specializing in fabricated news-style content and, in this campaign, hijacking legitimate Bluesky accounts to post fake articles and AI-doctored videos aimed at eroding support for Ukraine and advancing Kremlin narratives.
Russian information operation/disinformation activity amplifying narratives around geopolitical events (here, 'US invading Greenland').