Remote Control: How Moldovan Diasporas are Targeted by Shadow News Outlets Ahead of the Elections

Ahead of Moldova’s 2025 elections, shadow news outlets are spreading disinformation targeting the diaspora.

Why Moldova’s 2025 Elections Matter

The upcoming Moldovan parliamentary elections are more than a local event; they sit at the crossroads of global influence. Moldova is wedged between Romania (an EU and NATO member) and Ukraine, making it a key battleground in the ongoing struggle between Russia and the West.

For many voters, the choice is stark: continued European integration or a pivot back toward Russia. Unsurprisingly, Moscow has a vested interest in shaping the outcome, with disinformation and covert influence campaigns already in play.

The Diaspora: A Powerful Electoral Force

The Moldovan diaspora, Moldovans living abroad, represents nearly a third of the country’s population, making it a powerful electoral force that is increasingly being targeted by foreign-led covert influence. The diaspora played a key role in the 2024 presidential election, especially following the referendum paving the way for EU membership.

This makes them a prime target for influence operations. Shadow “news” brands, often appearing grassroots and local, are increasingly used to manipulate diaspora perceptions. While these outlets look independent, investigations reveal hidden ownership, redacted registration, and connections to known foreign influence networks.

Shadow News Outlets and Hidden Networks

ActiveFence SMAEs have identified several new online networks targeting Moldovan voters. These networks, undocumented in standard OSINT feeds, mimic independent local journalism but are characterized by a lack of transparency: redacted registration details, hidden ownership, and no visible editorial staff, and exhibit overlapping technical fingerprints. 

For example, one of the investigated entities directed users to a domain which, in turn redirected them to ziar[.]com, which is openly linked to a France‑based company reportedly involved in previous influence operations. The domain further shares a single analytics identifier with at least 17 other international domains, many operating as news aggregators. 

In a separate Moldova-focused network, the core domain presence is part of a cluster of ≈25 interconnected domains that previously shared Russian IP/name servers and common analytics identifiers, consistent with umbrella control across differently branded outlets.

Narratives Designed for Different Diasporas

The disinformation playbook is sophisticated. Narratives are tailored depending on where Moldovans live:

• In Russia: pro-Russian narratives encourage diaspora participation in elections.
• In Europe and the U.S.: Stories focus on undermining the pro-EU government, discouraging turnout, and sowing doubt in electoral fairness.

False claims include accusations of surplus ballots for overseas polling stations, neglect of diaspora interests, or even fabricated images of anti-diaspora graffiti in European cities

The Tactic of Narrative Laundering

These networks don’t just push stories once; they recycle them across multiple outlets to create the illusion of widespread consensus. This technique, known as narrative laundering, ensures that even if one site gets shut down, others remain active to keep the message alive. The content can then be shared across social media, messaging services, and may also influence responses given by LLM chatbots to election-related queries.

What This Means for Defenders

For those monitoring information integrity, focusing on a single domain or social media account won’t cut it. The real power lies in mapping connections:

• Cross-domain technical overlaps
• Reused headlines and narratives
• Messaging ecosystems where diasporas engage

By taking a networked approach, defenders can move from chasing isolated cases to disrupting entire influence operations

Looking Ahead

As Moldova heads toward a consequential vote, targeting of the diaspora is only expected to intensify. The stakes are clear: ensuring authentic diaspora engagement is vital to preserving informed democratic choice.

How to Stay Ahead of Covert Influence

Disinformation campaigns like these don’t stay confined to Moldova, they’re part of a global trend of information warfare targeting diasporas, elections, and brands.

ActiveFence’s Threat Intelligence teams uncover covert networks, track emerging narratives, using advanced techniques like web-infrastructure clustering (registrant history, shared analytics identifiers, mirror mapping) combined with multilingual crawling of hard-to-find sources. Our team surfaces hidden risks before they hit mainstream attention. 

Want to understand how covert operations might be targeting your community, customers, or industry?  Talk to our experts today and get actionable intelligence to stay ahead of evolving threats.