Connect with us

Hi, what are you looking for?



Twitter Removes 30,000 State-Linked Manipulation Accounts

Twitter on Friday announced that it took down more than 30,000 accounts pertaining to three networks associated with China, Turkey, and Russia state-linked manipulation activities.

Twitter on Friday announced that it took down more than 30,000 accounts pertaining to three networks associated with China, Turkey, and Russia state-linked manipulation activities.

A total of 32,242 accounts were added to the social platform’s archive of state-linked information operations, while the accounts themselves, along with all of the content associated with them, have been permanently removed from Twitter.

Attributed to the People’s Republic of China (PRC), the largest of the three networks included 23,750 accounts forming the core of the network, along with approximately 150,000 amplifier accounts, which were not added to the public archive.

The network was engaged in a range of manipulative and coordinated activities, mainly using Chinese languages to spread geopolitical narratives favorable to the Communist Party of China (CCP).

Furthermore, the accounts pushed “deceptive narratives about the political dynamics in Hong Kong,” in continuation of the activity of a 200,000 accounts network that was shut down in August 2019.

In fact, this continuation of activity helped Twitter and research partners Australian Strategic Policy Institute (ASPI) and Stanford Internet Observatory (SIO) link the new network to the PRC.

Twitter and other popular social media services are banned in China, but are accessible in Hong Kong, and the Chinese government is believed to have long been involved in disinformation campaigns targeting the Chinese abroad.

Advertisement. Scroll to continue reading.

“Our proactive removal of this network from Twitter is a direct result of the technical efforts we instituted after thoroughly studying and investigating past coordinated information operations from the PRC,” the social media giant notes.

Despite its size, the new network did not achieve considerable traction on Twitter, as the accounts were identified and removed early. Most of the 150,000 amplifier accounts had few or no followers, but were meant to “artificially inflate impression metrics and engage with the core accounts.”

A total of 7,340 accounts targeting domestic audiences within Turkey were added to Twitter’s state-linked operations archive, including both fake and compromised accounts. Detected earlier this year, the network operated in support of the AK Parti and President Erdogan.

Associated with the youth wing of the party, the network “includes several compromised accounts associated with organizations critical of President Erdogan and the Turkish Government.” The compromised accounts have been repeatedly targeted by state actors for takeover, Twitter says.

Twitter also took down 1,152 accounts associated with state-backed political propaganda within Russia. The accounts were cross-posting and amplifying content in an inauthentic, coordinated manner, promoting the United Russia party and targeting political dissidents.

Related: Twitter Flexing its Muscles Against State Misinformation

Related: Twitter Closes Thousands of Fake News Accounts Worldwide

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.