Security Experts:

Connect with us

Hi, what are you looking for?



Iran-based Social Media Scheme Impersonated Press

Facebook and Twitter said Tuesday they shuttered accounts used in an Iran-based social media campaign to sway public opinion by impersonating reporters, politicians and others.

Facebook and Twitter said Tuesday they shuttered accounts used in an Iran-based social media campaign to sway public opinion by impersonating reporters, politicians and others.

Facebook removed 51 accounts, 36 pages and seven groups from the social network and another three from Instagram after investigating a tip from internet security firm FireEye, according to head of cybersecurity policy Nathaniel Gleicher.

Twitter told AFP that it removed a network of 2,800 inauthentic accounts originating in Iran in early May, but was not privy to the FireEye findings made public Tuesday.

“Our investigations into these accounts are ongoing,” a Twitter spokeswoman said, declining to discuss details until the analysis was finished.

A network of English-language social media accounts misrepresenting who was behind them was evidently orchestrated to promote Iranian political interests, according to California-based FireEye.

“In addition to utilizing fake American personas that espoused both progressive and conservative political stances, some accounts impersonated real American individuals, including a handful of Republican political candidates that ran for House of Representatives seats in 2018,” FireEye said in a blog post.

Playing the press

Those in the influence network had material published in US and Israeli media outlets, lobbied journalists to cover certain topics, and appear to have orchestrated interviews in the US and Britain regarding politics, according to FireEye.

It was not immediately clear whether this campaign was related to a broader Iran-based social media influence operation uncovered last year, FireEye said.

“The individuals behind this activity, which also took place on other internet platforms and websites, misled people about who they were and what they were doing,” Gleicher said.

Those actors claimed to be located in the United States or Europe and used fake accounts to run pages or groups as they impersonated legitimate news organizations in the Middle East, according to Facebook.

“The individuals behind this activity also represented themselves as journalists or other personas and tried to contact policymakers, reporters, academics, Iranian dissidents and other public figures,” Gleicher said.

Facebook content was posted in English or Arabic. Topics of discussion included public figures, US secessionist movements, Islam, Saudi Arabian influence in the Middle East and politics in the United States and Britain.

About 21,000 accounts followed one or more of the Facebook pages, while about 1,900 accounts joined one or more of the groups and around 2,600 people followed one or more of the Instagram accounts, according to Gleicher.

FireEye said that some accounts in the social media campaign claimed to be activists, correspondents or “free journalists” in descriptions of the users.

“Narratives promoted by these and other accounts in the network included anti-Saudi, anti-Israeli and pro-Palestinian themes,” FireEye said.

Accounts expressed support for the Joint Comprehensive Plan of Action — the deal aimed at curbing Iran’s nuclear program in exchange for sanctions relief.

They also opposed the Trump administration’s designation of Iran’s Revolutionary Guard Corps as a Foreign Terrorist Organization, according to the cybersecurity firm.

Political posers

The network’s Twitter accounts posed as Republican political candidates running in the 2018 US congressional midterms, appropriating photos and plagiarizing tweets from legitimate accounts, FireEye said.

Early this year, Facebook said it took down hundreds of “inauthentic” accounts from Iran that were part of a vast manipulation campaign operating in more than 20 countries.

The pages were part of a campaign to promote Iranian interests in various countries by creating fake identities as residents of those nations, Gleicher said at the time.

The operators “typically represented themselves as locals, often using fake accounts, and posted news stories on current events,” including “commentary that repurposed Iranian state media’s reporting on topics like Israel-Palestine relations and the conflicts in Syria and Yemen,” according to Facebook.

Facebook has invested heavily in artificial intelligence and staff in an effort to stamp out efforts by state actors and others to manipulate the social network using fraudulent accounts.

Late last year, Facebook took down accounts linked to an Iranian effort to influence US and British politics with messages about charged topics such as immigration and race relations.

The social network began looking into these kinds of activities after revelations of Russian influence campaigns during the 2016 US election aimed at sowing discord.

RelatedMicrosoft Takes Control of 99 Domains Used by Iranian Cyberspies

Related: Iran-Linked Influence Campaign Targets US, Others

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.