A private Israeli intelligence firm deployed an army of automated proxy profiles to systematically subvert democratic contests across Europe and the West. This operation, unmasked by French state investigators, directly targeted Scottish First Minister John Swinney, the Scottish National Party, and local candidates in France and New York City. The revelations expose a sprawling, corporate-driven information warfare infrastructure that operates entirely in the shadows. The modern mercenary cyber market no longer relies on heavy-handed state military apparatuses to reshape Western elections. Instead, anyone with a sufficient budget can simply purchase a pre-packaged, deniable psychological operation off the shelf.
The discovery came to light following a rigorous technical forensic investigation by Viginum, the French government’s specialized watchdog tasked with identifying foreign digital interference. Viginum’s investigators tracked an intricate web of coordinated inauthentic behavior back to a single commercial entity: BlackCore. Before scrubbing its digital footprint and vanishing from the public internet, the self-described elite influence company openly bragged to prospective clients about providing advanced tools to shape narratives and fight modern information warfare.
The mechanics of the assault on Scottish politics reveal how these invisible operations manipulate the digital town square. Between January 6 and May 8, as Scotland prepared for a highly contested parliamentary election, BlackCore’s infrastructure weaponized a cluster of at least 256 synchronized accounts on the social media platform X. These accounts did not merely post random noise. They executed a disciplined, multi-pronged campaign, injecting roughly 1,400 highly targeted, hostile comments directly into the official feeds of Scotland’s political leadership. Swinney’s personal account bore the brunt of the onslaught with 652 targeted interactions. The main SNP apparatus absorbed 338, and the official Scottish Government channel was hit 112 times.
The Geopolitical Trigger
This calculated digital offensive did not occur in a vacuum. It was triggered by a dramatic, tangible shift in Edinburgh's foreign policy. Under Swinney’s leadership, the Scottish Government emerged as one of the most vociferous critics of Israel's military campaign in Gaza. Swinney repeatedly broken diplomatic decorum by branding the crisis a man-made humanitarian catastrophe and publicly warning that a genocide might be unfolding.
Crucially, Scotland did not stop at rhetoric. The devolved administration moved from words to material consequences, withholding state economic grants from defense contractors supplying the Israel Defense Forces and freezing government support for Scottish exports destined for Israel. By doing so, Edinburgh crossed a critical threshold, shifting from a distant political observer to an active participant in an international economic boycott.
The timing of the cyber campaign perfectly mirrors this policy shift. BlackCore’s automated network was deployed to punish this dissent and manipulate the domestic political cost of holding such positions. By flooding the First Minister's communications with artificial outrage, the operation sought to manufacture the illusion of widespread domestic backlash, hoping to force a political retreat.
The Deniability Architecture
The most alarming aspect of the Viginum report is not the technology itself, but the deliberate vacuum of accountability built into the commercial espionage model. French authorities openly admit that while the technical attribution to BlackCore's digital signature is ironclad, finding out who signed the check remains virtually impossible.
Commercial influence operations are structured specifically to exploit legal and financial blind spots. A foreign intelligence agency, a domestic political rival, a wealthy ideological donor, or a corporate consortium can funnel money through a labyrinth of offshore shell companies and generic legal consultancies. When BlackCore deployed its bot nets, it provided its ultimate sponsor with absolute plausible deniability.
This reality upends the traditional framework of national security. When a hostile nation-state launches a cyberattack, established diplomatic and military doctrines offer a playbook for retaliation. But when a private corporation based in Tel Aviv sells disinformation-as-a-service to an anonymous buyer to tilt an election in Edinburgh, the standard mechanisms of state defense crumble.
France has formally demanded an explanation from the Israeli government regarding BlackCore's operations. The response from Jerusalem has been predictably distant, with the Israeli embassy in Paris stating that they are waiting for the full report but maintaining that the state has no intention of meddling in foreign municipal or national contests. This defense highlights the utility of the private market. The state can claim clean hands while its domestic tech sector exports the tools of democratic subversion to the highest bidder worldwide.
A Global Pattern of Precision Interference
The operation targeting Scotland was merely one theater in a broader, global campaign of precision narrative manipulation. Viginum's findings prove that BlackCore’s infrastructure was deployed simultaneously across vastly different political landscapes, always focusing on localized, high-stakes races where targeted pressure could yield outsized geopolitical results.
| Target Region | Specific Election Focus | Key Objective / Political Target | Primary Tactic Used |
|---|---|---|---|
| Scotland | 2026 Holyrood Parliamentary Election | First Minister John Swinney & SNP ministers critical of Gaza campaign | Coordinated social media swarming and targeted narrative suppression |
| France | Municipal and Local Contests | Left-wing France Unbowed (LFI) mayoral candidates | Coordinated online smear campaigns and localized disinformation |
| United States | 2025 New York City Mayoral/Local Contests | Pro-Palestinian progressive candidates | Multi-platform proxy profile deployment |
| West Africa | Sovereign Political Contests (Togo & Angola) | State-level narrative shaping and regime stability | Fake news website syndication and bot networks |
In France, the firm focused heavily on municipal elections, executing aggressive online smear campaigns against three mayoral candidates from the hard-left France Unbowed party. The common thread is impossible to ignore. Like Swinney, these French candidates were outspoken, uncompromising proponents of the pro-Palestinian cause.
The operation extended across the Atlantic into the United States, embedding itself in the 2025 local elections in New York City. The technical fingerprints match those found in Edinburgh and Paris. BlackCore’s automated architecture sought to influence a highly polarized municipal environment where traditional pro-Israel political factions were fighting a fierce rearguard action against a rising tide of progressive, anti-war candidates.
Further digital footprints tie BlackCore to strategic manipulation campaigns in Togo and Angola. The firm's operational philosophy does not favor any specific ideology. It treats democratic processes as open attack surfaces to be manipulated on behalf of whoever pays for the license.
The Fragmented Western Defense
The West’s current defense mechanism against this specific breed of asymmetric digital warfare is fundamentally broken. The very fact that a French cybersecurity agency was the entity that discovered an attack on a Scottish election highlights a massive structural failure in the UK's national security architecture.
Swinney has rightly pointed out that Westminster retains sole constitutional responsibility for national security and international relations. Yet, the UK Cabinet Office and British intelligence services failed to publicly flag or neutralize this operation while it was actively compromising the Scottish digital space. The defense of British democratic processes cannot rely on the vigilance of foreign allies who happen to stumble across shared infrastructure during their own domestic investigations.
This failure stems from an institutional refusal to recognize that the nature of political warfare has fundamentally changed. Traditional counterintelligence is built to watch embassies, intercept state communications, and track known foreign agents. It is completely unequipped to monitor a private company using everyday cloud computing infrastructure to simulate thousands of organic-looking social media comments.
Social media platforms bear equal responsibility. The 256 accounts used by BlackCore on X managed to post over a thousand coordinated comments directly onto the profiles of heads of government without triggering automated internal defense systems. The current platform business model prioritizes engagement metrics over narrative integrity, effectively subsidizing the deployment of hostile bot architectures.
Defending against this structural threat requires moving past symbolic hand-wringing and empty diplomatic protests. Governments must treat commercial disinformation firms not as mere tech companies, but as active weapon manufacturers. This means implementing strict, aggressive export controls on narrative-shaping software, tracking the financial flows of corporate influence brokers, and imposing severe economic sanctions on the firms—and countries—that harbor them. Until the financial and diplomatic cost of operating a mercenary disinformation firm outweighs the immense profits generated by subverting Western democracy, the digital town square will remain entirely for sale.
