Pierluigi Paganini
May 30, 2025
Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more.
The social media giant pointed out that it had removed covert influence campaigns early, preventing them from gaining real audiences on its platforms.
Meta removed 157 Facebook accounts, 19 Pages, 1 Group, and 17 Instagram accounts tied to a China-based network targeting Myanmar, Taiwan, and Japan. The operation used fake accounts, in some cases threat actors used AI-generated photos and run by an account farm to spread local-language content. Topics included support for Myanmar’s junta, criticism of Japan’s U.S. ties, and corruption claims in Taiwan. According to the report, the network had approximately 7,800 Page followers, 25 Group members, and 700 Instagram followers.
Meta removed 17 Facebook accounts, 22 Pages, and 21 Instagram accounts tied to an Iran-based network targeting Azeri-speaking users in Azerbaijan and Turkey. These fake accounts posed as female journalists and pro-Palestine activists, using hashtags like #palestine and #gaza to spread spammy content across Meta platforms, YouTube, X, and websites. Company’s automated systems disabled some of the fake accounts. Posts focused on global events and anti-U.S. rhetoric. The network gained 44,000 Page followers, 63,000 Instagram followers, and spent $70 on ads.
The social media company also removed 658 Facebook accounts, 14 Pages, and 2 Instagram accounts linked to a Romania-based network for violating coordinated inauthentic behavior policies. These fake accounts, some auto-detected, posed as locals sharing sports, travel, and local news to appear credible across Facebook, YouTube, X, and TikTok. They also commented on posts by politicians and news outlets. The campaign had 18,300 Page followers, 40 on Instagram, and spent around $177,000 on ads, mostly in USD.
The Adversarial Threat Report published by the company also includes Threat indicators for the ablot campaigns.
“To help the broader research community to study and protect people across different internet services, we’ve collated and organized these indicators according to the Online Operations Kill Chain framework, which we use to analyze many sorts of malicious online operations, identify the earliest opportunities to disrupt them, and share information across investigative teams.” reads the Meta’s Adversarial Threat Report, First Quarter 2025. “The kill chain describes the sequence of steps that threat actors go through to establish a presence across the internet, disguise their operations, engage with potential audiences, and respond to takedowns. We’re sharing these threat indicators to enable further research by the open-source community into any related activity across the web (GitHub).”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, social media)
