Connect with us

Hi, what are you looking for?



Facebook Removes More State-Linked Misleading Accounts

Facebook this week said it removed three unrelated networks of accounts, pages, and groups that engaged in inauthentic behavior on behalf of foreign governments or threat actors.

Facebook this week said it removed three unrelated networks of accounts, pages, and groups that engaged in inauthentic behavior on behalf of foreign governments or threat actors.

The networks involved the use of fake accounts meant to mislead others on Facebook and Instagram, and were taken down due to their behavior, not because of the content posted, the social media company says.

Originating in Russia, the first of the networks was primarily targeted at Ukraine and its neighboring countries. Facebook removed 78 accounts, 11 pages, and 29 groups, as well as four Instagram accounts that were violating its policy against foreign or government interference.

Fake accounts were used to manage groups and pages and to post and comment, with the individuals behind the campaign posing as citizen journalists and attempting to contact policymakers, journalists and other public figures in the region.

The pages had approximately 500 followers and over 6,100 accounts joined at least one of these groups. The Instagram accounts amassed roughly 100 followers, Facebook reveals.

The second network that was taken down originated in Iran and included 6 Facebook accounts and 5 Instagram accounts. Mainly targeting the United States, the network is connected to the 783 pages, groups and accounts linked to Iran that the social platform took down in January.

“They shared posts about political news and geopolitics including topics like the US elections, Christianity, US-Iran relations, US immigration policy, criticism of US policies in the Middle East and public figures as well as video interviews with academics, public figures and columnists on issues related to Iran and US elections,” Facebook explains.

Advertisement. Scroll to continue reading.

According to FireEye, these accounts were related to the wider network of fake social media accounts set up to support Iranian political interests that it refers to as Distinguished Impersonator, and which was initially detailed in May 2019.

FireEye also linked 40 Twitter accounts to this network and says that Twitter recently took action against them.

The 11 accounts Facebook removed now were impersonating prominent individuals, including journalists and U.S. liberals, and were “amplifying authentic content from other social media users broadly in line with that proclaimed political leaning, as well as material more directly in line with Iranian political interests,” FireEye explains.

The security firm observed a direct overlap between six of the personas on Facebook and those on Twitter. While the Twitter accounts actively commented on posts by influential individuals and organizations, Instagram accounts posted screenshots of this activity. The Instagram accounts had roughly 60 followers, Facebook revealed.

The third network that Facebook recently took down originated in Myanmar and Vietnam and focused on Myanmar. It included 13 Facebook accounts and 10 pages, with the individuals behind the activity posing as independent telecom consumer news hubs.

According to Facebook, approximately 265,600 accounts followed one or more of these pages. The network operators also spent around $1,155,000 for ads on Facebook.

Related: Facebook Takes Down Vast Iran-led Manipulation Campaign

Related: Twitter, Facebook Target State-Linked Accounts Made to Manipulate

Related: Facebook Takes Down Misleading Campaigns From Iraq, Ukraine

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.