Meta

Meta’s Adversarial Threat Report, Third Quarter 2022

Takeaways

  • This quarterly threat report includes our findings about three networks we took down in the United States, China and Russia. The latter two we originally reported on September 27, 2022.
  • The US network — linked to individuals associated with the US military — operated across many internet services and focused on Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan and Yemen.

Update on December 15, 2022 at 5:00 AM PT:

Our investigations linked the Russian network to two companies in this country: Structura National Technologies, an information technology firm and Social Design Agency (Агентство Социального Проектирования), a marketing and political consulting firm.

Originally published on November 22, 2022 at 10:00 AM PT:

Our security teams continue to focus on finding and removing deceptive campaigns around the world — whether they are foreign or domestic.

Over the past five years, we’ve shared our findings about coordinated inauthentic behavior (CIB) and other threats we detect and remove from our platforms. Today, as part of our regular adversarial threat reports, we’re publishing information about three networks we took down during the last quarter to make it easier for people to see the progress we’re making in one place. We have shared information about our findings with industry partners, researchers and policymakers.

Here are the key insights in today’s Adversarial Threat Report:

1. United States: We removed 39 Facebook accounts, 16 Pages, two Groups and 26 accounts on Instagram for violating our policy against coordinated inauthentic behavior. This network originated in the United States and focused on a number of countries including Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan and Yemen. The operation ran across many internet services, including Twitter, YouTube, Telegram, VKontakte and Odnoklassniki. It included several clusters of fake accounts on our platforms, some of which were detected and disabled by our automated systems prior to our investigation. The majority of this operation’s posts had little to no engagement from authentic communities.

We found this activity as part of our internal investigation into suspected coordinated inauthentic behavior in the region. We’ve shared information about this network with independent researchers at Graphika and the Stanford Internet Observatory, who have published their findings about this network’s activity across the internet on August 24, 2022. Although the people behind this operation attempted to conceal their identities and coordination, our investigation found links to individuals associated with the US military.

2. China (originally reported on September 27, 2022): We took down 81 Facebook accounts, eight Pages, one Group and two accounts on Instagram for violating our policy against CIB. This network originated in China and targeted the United States, the Czech Republic and, to a lesser extent, Chinese- and French-speaking audiences around the world. It operated across many internet services, including Facebook, Instagram, Twitter and two Czech petition platforms.

Each cluster of accounts posted content during working hours in China rather than when their target audiences would typically be awake. Only a few people engaged with it and some of those who did called it out as fake. Our automated systems took down a number of accounts and Pages for various community standards violations, including impersonation and inauthenticity. We found this activity as part of our internal investigation into suspected coordinated inauthentic behavior in the region.

3. Russia (originally reported on September 27, 2022): We took down 1,633 accounts, 703 Pages, one Group and 29 accounts on Instagram for violating our policy against CIB. This network originated in Russia and targeted primarily Germany, and also France, Italy, Ukraine and the United Kingdom. The operation centered around a large network of websites carefully impersonating legitimate news organizations in Europe. There, they would post original articles that criticized Ukraine, praised Russia and argued that Western sanctions on Russia would backfire. They would then promote these articles, memes and YouTube videos on Facebook, Instagram, Telegram, Twitter, petitions websites Change[.]org and Avaaz, and LiveJournal.

We began our investigation after reviewing public reporting into a portion of this activity by investigative journalists in Germany. The researchers at the Digital Forensic Research Lab also provided insights into a part of this network, and we’ve shared our findings with them to enable further research into the broader operation. Throughout our investigation and after our initial reporting, as we blocked this operation’s domains, they set up hundreds of new websites, suggesting persistence and continuous investment in this activity. We’ve continued to update our original takedown report with these domains to help inform open source security research.

We know that influence operations will keep evolving in response to our enforcement, and new deceptive behaviors will emerge. We will continue to refine our enforcement and share our findings publicly. We are making progress rooting out this abuse, but as we’ve said before — it’s an ongoing effort and we’re committed to continually improving to stay ahead.

See the full Adversarial Threat Report for more information.



To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookie Policy