French authorities say a private Israeli-linked influence firm targeted John Swinney, the SNP and the Scottish Government during Scotland’s election campaign. The allegation raises a larger question: how exposed is Scotland’s democracy to paid, foreign, deniable digital interference? This is not a story about whether voters like or dislike the SNP. It is a story about whether Scotland’s political debate can be entered by hidden foreign or foreign-linked actors posing as ordinary public opinion.
Scotland has just been given a glimpse of the modern influence market.
It did not arrive as a spy scandal in the old style. There were no brown envelopes, no bugged hotel rooms, no foreign diplomat being quietly expelled. It came instead through social media accounts, repeated comments, coordinated behaviour and the industrial manufacture of political atmosphere.
French authorities say the Israeli-linked firm BlackCore was connected to digital interference operations that reached into Scotland’s 2026 election campaign. According to Reuters, France’s disinformation detection service, Viginum, said its technical work had led it to BlackCore, which it accused of using a similar method beyond France, including in Scotland, New York, Angola and Togo.
The Scottish part of the allegation is precise enough to require serious attention. Viginum reportedly detected BlackCore-linked accounts targeting First Minister John Swinney, the Scottish National Party and the Scottish Government between 6 January and 8 May 2026, during the run-up to the Scottish Parliament election. The Guardian reported that at least 256 accounts were mobilised on X, distributing around 1,400 comments, including 652 directed at Swinney’s account, 338 at the SNP and 112 at the Scottish Government.
Those figures do not prove that the Scottish election result was changed. They do not identify who paid for the operation. They do not establish that the Israeli state directed it. They do not tell us whether the accounts reached ordinary Scottish voters in any decisive way.
But they do show something else. Scotland is now a target in the commercialised grey zone between politics, cyber operations, propaganda and private influence work.
That should concern every party in Scotland, not only the SNP.
Reuters reported that BlackCore had described itself online as “an elite influence, cyber, and technology company built for the modern era of information warfare” before its website and LinkedIn page were taken offline. The company said it provided governments and political campaigns with tools and strategies to shape narratives. Reuters said it could not independently establish who was behind BlackCore, verify where it was based, or find any reference to the company in Israeli corporate records. BlackCore did not respond to repeated requests for comment.
That uncertainty is part of the story. The modern influence contractor is useful precisely because it can sit behind layers of deniability. A government, party, donor, campaign, business interest or ideological network does not necessarily need to run the operation itself. It can benefit from an outsourced ecosystem where false identities, automated behaviour, synthetic comments, deceptive pages and targeted attacks are produced at arm’s length.
The unanswered question is therefore not only “who did this?” It is “who wanted this done?”
Gridinsoft And The First Public Clues
Another clue sits in the public reputation record for blackcore.online.
Gridinsoft, a website reputation and malware-risk checking service, assessed the BlackCore domain and gave it a trust score of 12 out of 100. Its report placed the site in the “danger zone”, classified it as suspicious, recorded three provider warnings, noted multiple malware or phishing blacklist detections, and said the domain had limited independent reputation data. It also recorded the domain age as only 10 months.
That does not prove who operated BlackCore. It does not prove who paid for any alleged influence operation. It does not prove criminal conduct.
But it does matter.
A company presenting itself as an elite influence, cyber and technology operation serving governments and political campaigns would normally be expected to have a more stable public footprint: a clear corporate identity, longer domain history, visible executives, business records, professional references, and a website that does not trigger serious reputation warnings.
Instead, the public-facing BlackCore domain appears thin, recent and distrusted by automated security checks. Taken alongside Reuters’ finding that it could not verify BlackCore’s ownership, location or Israeli corporate registration, and the later disappearance of its website and LinkedIn page, the Gridinsoft result strengthens the impression of a brand built to appear powerful while remaining difficult to hold accountable.
For Scotland, that is the point. The alleged interference operation was not necessarily carried out through a public company that voters, regulators or journalists could easily inspect. It appears to have been linked to a vanishing digital presence: a domain, a set of online claims, technical infrastructure, and accounts that could enter Scottish political debate without the ordinary public markers of who was speaking, who was paying, or where the operation was based.
Hunting For BlackCore – Archived Screenshots
The difficulty with BlackCore is that it does not appear, from the public record now available, to behave like a normal company. It is not easily traceable through the ordinary routes one would expect: a clear corporate registration, named directors, a physical office, a stable website, identifiable leadership, visible clients, and a public record that matches the scale of its own claims. Reuters reported that it could not independently establish who was behind BlackCore, verify where it was based, or find a reference to the company in Israeli corporate records.
The public-facing brand was BlackCore, connected to the domain blackcore.online. Before it went dark, the website presented BlackCore as an influence, cyber and technology operation working in the world of information warfare and political campaigns. Archived and indexed versions of the site carried the title “BlackCore | Turning Intelligence into Impact”. That description alone places it far beyond ordinary public relations. It suggested an outfit designed not merely to advise, but to shape narratives in contested political spaces.
The infrastructure trail is more serious.
A Haaretz and Libération investigation, later summarised by The Canary, reported that investigators had identified eight subdomains tied to BlackCore. One was said to have been active on a London-based server run by a Finnish cloud provider, hosting a small number of similar sites. That server allegedly hosted login systems for tools that could be used in influence campaigns.
One reported login page carried the title: “Galacticos AI Avatar Generator Login Page.” That detail was reported in the same summary of the Haaretz and Libération investigation.
That detail points away from a simple communications agency and towards a more technical influence infrastructure. A source quoted in the Haaretz and Libération investigation said Galacticos had developed a product capable of generating avatars for influence operations and social-media monitoring. That claim has not been independently verified by Modern Scot, but it is precisely the kind of reported detail that helps explain why investigators and journalists are looking beyond BlackCore’s public website and into the machinery around it.
The company and name trail is equally revealing.
BlackCore is the public-facing name attached to the influence and cyber brand. Its own presentation was that of an information-warfare company offering services to governments and political campaigns. Reuters reported that BlackCore’s website and LinkedIn page were taken offline after journalists contacted it.
Galacticos is reported by Haaretz and Libération to have appeared in the infrastructure trail, including through the alleged avatar-generation tool. The same reporting says Galacticos was incorporated in Tel Aviv in April 2022 under the name Pagecorn Ltd, later became Mycelium Intelligence Networks, and then became Galacticos in 2024.
SNI has also been reported as another Israeli technology company linked through infrastructure in the Haaretz and Libération trail. That link remains reported investigative material, not a finding by Modern Scot.
Guy Geyor, also reported as Guy Gior in some accounts, has been described in reporting around the Galacticos and SNI trail as a technology entrepreneur connected to that wider business environment. He is reported to have denied knowing BlackCore or having any political activity in France.
Doron Afik, a lawyer and business figure, has also been named in reporting around the Galacticos and SNI trail. He too is reported to have denied knowledge of BlackCore.
Yigal Unna, former head of Israel’s National Cyber Directorate, has been reported as having been approached in relation to an OSINT or social-network intelligence start-up. He has denied any role in the BlackCore operation.
None of this proves, on the public evidence now available, who commissioned the alleged operation, who controlled BlackCore, or whether any state actor directed it. France’s Viginum has said its technical work led it to BlackCore, but the sponsor behind the alleged operations has not been publicly identified. Reuters reported that Viginum said it had not identified the sponsor or sponsors behind the operations.
What the trail does show is more disturbing in another way. BlackCore appears less like a conventional registered business and more like a disappearing influence brand attached to opaque digital infrastructure. The public website sold power. The corporate footprint is unclear. The site and public-facing accounts disappeared after scrutiny. The surrounding investigation points to subdomains, login systems, avatar tools and adjacent companies whose named figures have denied involvement.
For Scotland, that is the lesson. The danger is not only that a foreign-linked actor may have targeted John Swinney, the SNP and the Scottish Government. It is that such actors can appear inside Scottish political debate without voters knowing who they are, who pays them, where they are based, what tools they use, or what interests they serve.
In older politics, influence had an address. It had a donor, a meeting, a leaflet, a newspaper, a lobbyist, a declared campaign. In the new influence market, the operator may be a vanishing website, a rented server, a login page, a cluster of avatars and a set of accounts pretending to be public opinion.
That is why finding BlackCore matters. Not because one company explains everything, but because its disappearance shows the shape of the problem Scotland now faces.
In France, the first known BlackCore-linked case concerned candidates from La France Insoumise, a left-wing party strongly associated with pro-Palestinian politics. Reuters reported that the French campaign involved deceptive websites, bogus social media accounts, digital ads and allegations against candidates in Marseille, Toulouse and Roubaix. Meta told Reuters it had removed a network for coordinated inauthentic behaviour that originated in Israel and primarily targeted France. Google and TikTok also reportedly identified parts of the operation.
Scotland fits that pattern in one obvious respect. John Swinney and the Scottish Government had taken a prominent public position on Gaza and Israel. In September 2025, the Scottish Government announced that new awards of public money would be paused to defence companies whose products or services were provided to countries where there was plausible evidence of genocide being committed, including Israel. The Scottish Government also instructed relevant delivery bodies, where possible, not to support trade between Scotland and Israel.
That does not prove motive. It does, however, explain why Scotland may have appeared on the radar of an influence operation concerned with pro-Palestinian politicians, parties or governments.
There is another reason Scotland is attractive. The country’s politics are unusually legible from outside. A foreign operator does not need deep local knowledge to understand that Scottish debate can be pushed through familiar paths: independence, Westminster, Gaza, immigration, public services, energy, gender, identity, the constitution, resentment, distrust and the standing of the First Minister.
That makes Scotland vulnerable. Not because Scottish voters are gullible, but because the country’s political conversation is already highly networked, highly emotional and highly dependent on a handful of public platforms. A small number of accounts, if timed well and aimed at the right public figures, can create the impression of mass hostility, collapse, scandal or consensus.
This is not persuasion in the democratic sense. It is atmosphere engineering.
A voter reading a comment thread beneath a First Minister’s post is not told that the hostility may be coordinated. A journalist looking for “public reaction” may see volume and mistake it for feeling. A party staffer may sense momentum shifting. A candidate may change tone. A real voter may join in because the crowd appears already there.
That is the political danger. The aim of interference is not always to make people believe a specific lie. Sometimes it is enough to exhaust trust, increase cynicism and make democratic life feel poisoned.
France understands this because it has built a specific state service to detect foreign digital interference. Viginum was created in 2021 and sits within the French state’s national defence and security machinery. Its public material describes it as the technical and operational service responsible for vigilance and protection against foreign digital interference. It is authorised to analyse publicly accessible online content and identify coordinated foreign manipulation campaigns.
The United Kingdom has made legal changes of its own. The National Security Act 2023 created a foreign interference offence aimed at conduct intended to interfere with public functions or manipulate whether or how a person participates in a political or legal process, where the conduct is illegitimate and linked to a foreign power. Government guidance says state-sponsored disinformation campaigns intended to manipulate electoral participation can fall within the foreign interference framework.
The problem is that law, policing, intelligence, platform regulation and electoral enforcement are not moving fast enough to match the methods being used.
The Rycroft Review, published in April 2026, had already warned that the UK faces a persistent problem of foreign interests seeking to influence and interfere in politics, often with the aim of sowing distrust and deepening divisions. It recommended stronger controls on political finance, better due diligence by parties, more standardised reporting and better sharing of threat intelligence between the Electoral Commission, government, security services, police and political parties.
That review focused heavily on money. The BlackCore allegation shows that digital influence may need equal urgency. A hostile or covert actor does not always need to donate to a party, buy an advert or fund a campaign group. It can push thousands of comments into the bloodstream of public debate and let journalists, activists, algorithms and ordinary voters do the rest.
Digital imprints help, but only when the campaigner is visible. The Electoral Commission’s statutory guidance says certain campaign material must include details showing who is responsible for publishing it, so voters can see who is campaigning. That is useful for lawful campaign material. It is much less useful against fake accounts, foreign contractors, spoofed pages, deniable influence networks or coordinated comment farms that pretend to be ordinary citizens.
First, the Scottish Government should establish a clear public account of what happened. What accounts were involved? Were Scottish voters targeted beyond replies to official accounts? Were any paid advertisements used? Were any websites created? Were any Scottish political candidates, journalists, campaigners or community groups amplified or attacked? Did the activity breach UK electoral law, the National Security Act, platform rules, or none of them?
Second, Scotland needs transparency around impact. It is not enough to say the election result was unaffected. That may be true, but influence operations can damage democracy even when they do not change the final seat count. They can intimidate candidates, distort coverage, produce false public mood, poison trust in institutions and create a sense that politics is more hateful or hopeless than it really is.
Third, political parties in Scotland need better preparation. The SNP was the named target this time. Another party may be the target next time. Foreign interference is not loyal to Scotland’s constitutional divide. It will use whatever division is available.
Fourth, Scotland’s media needs its own discipline. Coordinated online outrage should not be treated automatically as public opinion. Screenshots of comment threads, anonymous accounts, sudden bursts of hostility and apparently viral claims need verification before they are turned into stories. The cheapest form of foreign interference is the one laundered by domestic media into legitimate political news.
Fifth, Scotland should demand platform accountability. X, Meta, TikTok, Google and other services are now part of the democratic infrastructure. If a foreign-linked influence campaign targets a Scottish election, platforms should be expected to preserve evidence, notify relevant authorities, remove coordinated inauthentic behaviour and publish clear post-election transparency reports. Democracy cannot depend on private companies deciding, quietly and inconsistently, what the public is allowed to know.
There is also a deeper question for Scotland’s future.
A country debating its constitutional position, energy assets, defence posture, migration, public services, land, water, data centres and international responsibilities will attract outside interest. Some of that interest is legitimate. Foreign governments, companies, investors, campaigners and diaspora communities will always have views on Scotland. Open societies allow argument.
But covert manipulation is different. It hides the speaker. It conceals the payer. It impersonates the public. It turns democratic debate into theatre.
The BlackCore allegation is a warning about the fragility of public trust in a small country whose politics are watched far beyond its borders.
Above all, Scotland should refuse to treat this as normal.
If a foreign or foreign-linked influence firm can enter Scottish political debate under false identities, attack elected leaders, amplify division and vanish before voters know who was speaking to them, then the issue is not party advantage. It is democratic contamination.
Scotland’s democracy does not need protection from disagreement. It needs protection from disguised power.
SOURCES
Modern Scot has used the following public sources and has treated unverified infrastructure claims with caution.
Gridinsoft, report on blackcore.online
https://gridinsoft.com/online-virus-scanner/url/blackcore-online
Reuters, Israeli firm BlackCore suspected of meddling in New York and Scotland votes, France says
https://www.reuters.com/world/israeli-firm-blackcore-also-suspected-meddling-nyc-scotland-votes-french-2026-06-11/
Reuters, France probes whether Israeli firm BlackCore interfered in local elections, sources say
https://www.reuters.com/business/media-telecom/france-probes-whether-israeli-firm-blackcore-interfered-local-elections-sources-2026-05-13/
The Guardian, France accuses Israeli firm of interfering in Scottish elections and targeting SNP
https://www.theguardian.com/uk-news/2026/jun/12/france-accuses-israeli-firm-interfering-scottish-elections-john-swinney-snp
Archived BlackCore website, “BlackCore | Turning Intelligence into Impact”
https://archive.ph/nfR98
BlackCore website
https://blackcore.online/
The Canary, summary of Haaretz and Libération investigation into BlackCore, Galacticos and alleged influence infrastructure
https://www.thecanary.co/global/world-analysis/2026/05/19/blackcore-psy-op/
Big News Network, report referencing SNI and related Israeli cyber-influence infrastructure claims
https://www.bignewsnetwork.com/news/279069336/wired-for-war-the-israeli-spy-tech-machine-strikes-again
Mediapart blog, report referencing Yigal Unna and the France/BlackCore investigation
https://blogs.mediapart.fr/yves-romain/blog/190526/enquete-la-campagne-municipale-de-la-france-insoumise-influencee-depuis-tel-aviv
Scottish Government, Support for defence companies involved in Israel halted
https://www.gov.scot/news/support-for-defence-companies-involved-in-israel-halted/
Scottish Parliament SPICe, Election 2026
https://www.parliament.scot/chamber-and-committees/research-prepared-for-parliament/research-briefings/2026/5/12/sb-2626
UK Government, The Rycroft Review: Report of the independent review into countering foreign financial influence and interference in UK politics
https://www.gov.uk/government/publications/the-rycroft-review-report-of-the-independent-review-into-countering-foreign-financial-influence-and-interference-in-uk-politics/the-rycroft-review-report-of-the-independent-review-into-countering-foreign-financial-influence-and-interference-in-uk-politics
UK Government, Foreign interference: National Security Bill factsheet
https://www.gov.uk/government/publications/national-security-bill-factsheets/foreign-interference-national-security-bill-factsheet
National Security Act 2023
https://www.legislation.gov.uk/ukpga/2023/32
Ofcom, Assessing the risk of foreign influence in UK search results
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/assessing-the-risk-of-foreign-influence-in-uk-search-results
Electoral Commission, Statutory guidance on digital imprints
https://www.electoralcommission.org.uk/statutory-guidance-digital-imprints
Electoral Commission, Imprints for non-party campaigners at Scottish Parliamentary elections and council elections in Scotland
https://www.electoralcommission.org.uk/imprints-non-party-campaigners-scottish-parliamentary-elections-and-council-elections-scotland-0
Viginum, 2024 activity report
https://www.vie-publique.fr/files/rapport/pdf/301522.pdf
Viginum, Year 1 report
https://www.sgdsn.gouv.fr/files/files/Publications/RA-Viginum-Annee1-32p-V20_EN_LQP-1.pdf
House of Commons Library, What impact do digital imprints have on voters?
https://commonslibrary.parliament.uk/research-briefings/cbp-10826/
House of Commons Library, Imprints on election and campaign material
https://commonslibrary.parliament.uk/research-briefings/sn02174/
European Commission, Digital Services Act overview
https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en
European External Action Service, Foreign Information Manipulation and Interference
https://www.eeas.europa.eu/eeas/foreign-information-manipulation-interference-fimi_en
NATO StratCom COE, Reports and publications on information manipulation
https://stratcomcoe.org/publications/
Emilio Ferrara, Charting the Landscape of Nefarious Uses of Generative Artificial Intelligence for Online Election Interference
https://arxiv.org/abs/2406.01862
Genevieve Gorrell et al, Online Abuse toward Candidates during the UK General Election 2019
https://arxiv.org/abs/2001.08686
Fatima Haouari et al, UKElectionNarratives: A Dataset of Misleading Narratives Surrounding Recent UK General Elections
https://arxiv.org/abs/2505.05459
