
Twitter Removes 30,000 State-Linked Manipulation Accounts

Twitter on Friday announced that it took down more than 30,000 accounts belonging to three networks associated with state-linked manipulation activities by China, Turkey, and Russia.

A total of 32,242 accounts were added to the social platform’s archive of state-linked information operations, while the accounts themselves, along with all of the content associated with them, have been permanently removed from Twitter.

Attributed to the People’s Republic of China (PRC), the largest of the three networks included 23,750 accounts forming the core of the network, along with approximately 150,000 amplifier accounts, which were not added to the public archive.

The network was engaged in a range of manipulative and coordinated activities, mainly using Chinese languages to spread geopolitical narratives favorable to the Communist Party of China (CCP).

Furthermore, the accounts pushed “deceptive narratives about the political dynamics in Hong Kong,” in continuation of the activity of a 200,000-account network that was shut down in August 2019.

In fact, this continuation of activity helped Twitter and its research partners, the Australian Strategic Policy Institute (ASPI) and the Stanford Internet Observatory (SIO), link the new network to the PRC.

Twitter and other popular social media services are banned in China, but are accessible in Hong Kong, and the Chinese government is believed to have long been involved in disinformation campaigns targeting the Chinese abroad.

“Our proactive removal of this network from Twitter is a direct result of the technical efforts we instituted after thoroughly studying and investigating past coordinated information operations from the PRC,” the social media giant notes.

Despite its size, the new network did not achieve considerable traction on Twitter, as the accounts were identified and removed early. Most of the 150,000 amplifier accounts had few or no followers, but were meant to “artificially inflate impression metrics and engage with the core accounts.”

A total of 7,340 accounts targeting domestic audiences within Turkey were added to Twitter’s state-linked operations archive, including both fake and compromised accounts. Detected earlier this year, the network operated in support of the AK Parti and President Erdogan.

Associated with the youth wing of the party, the network “includes several compromised accounts associated with organizations critical of President Erdogan and the Turkish Government.” The compromised accounts have been repeatedly targeted by state actors for takeover, Twitter says.

Twitter also took down 1,152 accounts associated with state-backed political propaganda within Russia. The accounts were cross-posting and amplifying content in an inauthentic, coordinated manner, promoting the United Russia party and targeting political dissidents.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
