Operation Overload
Operation Overload is a pro-Russia, Russian-aligned influence and disinformation operation, also known as Matryoshka and Storm-1679. The operation targets European audiences and countries including Armenia and Germany; reporting cited Armenia as the third most-targeted country after Ukraine and France. Its objectives, as described in the source material, include spreading Kremlin-aligned messaging, undermining trust in institutions and media, polluting the information space with manipulated content, and in some cases weakening support for pro-Western political actors while benefiting pro-Russian narratives. Observed tradecraft includes impersonation of real news organizations and journalists, media-brand abuse, dissemination of manipulated and fabricated content, and expansion across multiple platforms including Telegram, X, Bluesky, and TikTok. The operation has been specifically observed using AI-based tools, including AI-enabled voice cloning and audio deepfakes, to impersonate real journalists and splice fabricated voiceovers into legitimate video footage in order to appropriate the credibility of recognized media figures. Reporting also states that Operation Overload has used AI to generate and amplify Russian propaganda. In election-related contexts, the operation has been linked to influence activity around Germany’s 2025 federal election and Armenia’s parliamentary election, where it was described as part of broader Russian disinformation efforts. Source material also notes that Operation Overload has expanded beyond mainstream social media to Bluesky and has been identified alongside other Russian influence operations such as Doppelgänger, Operation Undercut, and CopyCop.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
Where they target
Geographies tied to known operations.
- 🇦🇲 Armenia
- 🇺🇦 Ukraine
- 🇫🇷 France
Where they're from
Attributed origin per open-source reporting.
- RU
Tradecraft
4 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Russian-aligned information operation targeting Armenia as part of broader influence activity, including election-related disinformation.
Pro-Russia influence operation using AI voice cloning and manipulated media to impersonate journalists and spread fabricated content.
A pro-Russia influence operation using AI voice cloning and fabricated voiceovers inserted into legitimate footage to impersonate journalists and spread disinformation.
Russia-linked influence operation targeting European audiences; described as part of a set of campaigns impersonating media outlets to spread Kremlin-aligned narratives.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.