22 June 2026
By Luminița Diaconu Associate Professor, Academy of Economic Studies of Moldova
On 28 September 2025, Moldovans went to the polls for parliamentary elections that international observers would later describe as taking place ‘against the backdrop of unprecedented hybrid attacks’. The verdict came from the OSCE’s own monitoring mission — not from the Moldovan Government or Western think-tanks, but a respected multilateral organisation that has observed elections across 57 countries. What unfolded in Moldova that autumn was not simply an election campaign. It was a stress test for digital democracy itself.
An Election Under Full-Spectrum Assault
Moldova has been a target of Russian hybrid interference since its pro-European political pivot accelerated after 2022. But the 2025 parliamentary elections marked a significant escalation. According to the German Marshall Fund of the United States, Kremlin-linked networks planned to inject as much as €100 million into the electoral environment through deepfakes, paid protests, cryptocurrency transactions, and Kremlin-affiliated clergy, with the explicit goal of altering the result. This was not improvised interference but a carefully planned, large-scale operation.
The operation had both visible and invisible layers. On the surface: concerts, banners, organised rallies, and an avalanche of social media content amplifying anti-EU and anti-government narratives. Below the surface: suitcases of cash moved across borders, app-based payments routed through sanctioned Russian banks, and cryptocurrency conversions designed to evade detection. The OSCE/ODIHR election observation mission confirmed the picture plainly: illicit financing funnelled through shadowy networks, relentless disinformation campaigns eroding public trust, and brazen cybersecurity incidents designed to sow chaos.
The Digital Toolkit of Interference
Three digital instruments deserve particular attention for what they reveal about the evolving architecture of hybrid election interference.
The TAITO app. Perhaps the most operationally novel tool deployed in 2025 was the TAITO mobile application, which was used by networks affiliated with exiled oligarch Ilan Șor to mobilise and pay activists. According to Watchdog Moldova and the Georgetown Journal of International Affairs, tens of thousands of users reportedly installed the app, which concealed both identities and financial transactions. Payment flows were elaborately layered: rubles sent through Promsvyazbank were converted into cryptocurrency, then foreign currency, then Moldovan lei — a money-laundering chain designed to obscure the Russian origin of funds. Protesters could earn up to $3,000 per month (four times Moldova’s average salary) simply for registering, signing a contract, and participating in anti-government events.
The STOP UE chatbot and AI-generated content. The European Policy Centre documented the deployment of the anti-EU chatbot “STOP UE,” which simulated grassroots messaging while systematically disseminating Kremlin-aligned disinformation. This was part of a broader AI-enabled architecture. Euronews reported that spoof websites impersonated legitimate Western media outlets while paying “engagement farms” in Africa to amplify content and AI bots were deployed to flood comment sections with anti-EU messaging. A particularly striking example documented by Cyfluence Research was a deepfake video depicting the Electoral Commission chair allegedly admitting to foreign interference — content that spread rapidly on Telegram before being amplified by Russian Foreign Ministry spokesperson Maria Zakharova, demonstrating the seamless integration between AI-generated disinformation and official state channels.
Cyberattacks on electoral infrastructure. On election day, the digital assault shifted from narrative manipulation to infrastructure disruption. As Watchdog Moldova reported, thousands of home internet routers across the country were compromised in the weeks beforehand and recruited into a botnet prepared for a large-scale distributed denial-of-service (DDoS) attack. The targets were the Central Election Commission and the Information Technology and Cyber Security Service. The goal was not to alter vote tallies — Moldova uses paper ballots — but to disable the digital systems used for voter verification and the real-time reporting of results, generating the appearance of chaos and illegitimacy at the moment of maximum public attention. The Lowy Institute further reported that Russia’s outlet Pravda sent synchronised messaging across 129 affiliated websites in over 50 languages, illustrating the global reach of what was, at its core, an attack on a small country’s democratic process.
Moldova Fights Back: Digital Resilience in Practice
What is striking about the events in Moldova was not only the scale of the attack, but the sophistication of the response and the EU’s direct role in building it. In June 2025, the European Commission and Moldovan authorities conducted a full-day digital hybrid threats simulation exercise in Chișinău — the first of its kind — bringing together EU officials, Moldovan institutions, civil society fact-checkers, cybersecurity teams, and representatives from Meta, Google, and TikTok. The exercise tested coordinated responses to disinformation, cyberattacks, platform manipulation, and AI-driven content spoofing. It was, in miniature, a practice drill for the digital attacks during the Moldova election that followed three months later.
On the domestic front, Moldova’s Centre for Strategic Communication and Countering Disinformation (StratCom), established in 2023, focused on both debunking and pre-bunking Russian narratives, equipping citizens with frameworks for recognising disinformation before encountering it. The Central Election Commission, supported by International IDEA, deployed digital monitoring tools to identify illicit advertising, fake accounts, and disinformation networks in real time. Enforcement bodies collaborated with financial intelligence units to trace and freeze illicit funds; the anti-corruption prosecutor’s office opened 13 criminal cases and made 122 detentions for electoral campaign violations.
The Georgetown Journal of International Affairs noted a significant development in public culture where citizens increasingly rejected cash-based vote-buying, signalling a maturation of civic consciousness that no algorithm can easily replicate. Russia’s strategy, having failed to buy the election outright, shifted toward narrative control but found that ground harder to hold than they likely anticipated.
What can we learn from Moldova’s experience?
The events surrounding the 2025 Moldovan Parliamentary election is not a story about a small, vulnerable country on Europe’s edge. Instead they are a preview of what electoral interference looks like when hybrid capabilities, such as AI-generated content, encrypted payment apps, router botnets, coordinated bot networks, and state-backed media infrastructure are deployed simultaneously against a single democratic process.
The Alan Turing Institute’s Centre for Emerging Technology and Security has warned that AI-enabled disinformation is creating a shadow economy in elections globally. Moldova experienced that shadow economy in its most developed form yet. The lesson for governance scholars, policymakers, and legal researchers is clear: digital democracy requires digital protection. Participatory rights, transparency obligations, and cybersecurity frameworks cannot remain in separate regulatory silos. The architecture of interference crosses all of them simultaneously, and the legal response must too.
As Moldova continues its EU accession journey — and as other candidate and partner states face similar pressures — the 2025 election stands as both a warning and, crucially, a model of democratic resilience. Democratic tenacity, the OSCE observed, prevailed. But tenacity alone is not a legal framework. Building the institutional and normative infrastructure to make that tenacity sustainable is the task that lies ahead.
Note: this gust blog is the result of a short-term scientific mission under COST Action 23114 RELINK.
Sources
- Alan Turing Institute (CETaS) — From Deepfake Scams to Poisoned Chatbots: AI and Election Security in 2025
- Cyfluence Research — Influence in Moldova: Coordinated Campaigns Ahead of Critical Elections
- Euronews — Moldova’s Election Shaped by Russia’s AI-Driven Disinformation Machine (September 2025)
- European Commission — Digital Hybrid Threats Stress Test, Chișinău, June 2025
- European Policy Centre — It is Moldova’s Moment and Europe Must Act (2025)
- Georgetown Journal of International Affairs — How the EU Rewrote its Cyber Diplomacy Playbook in Moldova’s 2025 Elections (February 2026)
- German Marshall Fund — Hybrid Threats to Democratic Processes: Moldova’s 2025 Elections (March 2026)
- International IDEA — How Moldova is Tackling Online Disinformation in Elections
- IWPR — Elections Under Siege: Moldova’s Battle for Truth (September 2025)
- Lowy Institute — How Russia Tried to Manipulate Moldova’s Election (November 2025)
- OSCE/ODIHR Election Observation Mission — Moldova Parliamentary Elections, 29 September 2025
- Watchdog Moldova — Cyber Operations and Hybrid Election Interference in Moldova’s 2025 Elections