Abstract Hybrid threats represent a continued challenge to the European Union, combining disinformation campaigns with cyber-attacks as a means of destabilising the Union and its Member States, undermining legitimacy and public trust. With social media platforms at the centre of disinformation efforts, as well as potential sites for cyber-attack disruption, the ability to control narratives and disseminate content are essential to hybrid threat actors. Fake Activity Markets (FAMs) are websites offering services that can be used to generate fake engagement, in turn allowing for coordinated inauthentic behaviour online. These websites also constitute a cybersecurity threat in themselves, involved in distributing malware, harvesting user data or comprising information systems. This article seeks to explore the EU approach to hybrid threats and coordinated inauthentic behaviour using FAMs as a case study, highlighting the potential threats to the EU’s social and cyber resilience posed by these actors, the potential regulatory responses, and the ways in which the von der Leyen II Commission’s renewed emphasis on hybrid threats could provide for a more robust ecosystem for countering coordinated inauthentic behaviour.
Benjamin Farrand (Wed,) studied this question.