Social media troll

Meta finds connection between rogue social media campaign and members of US military

Whenever you hear tales of bogus social media campaigns shut down by major services, the inevitable follow up report almost always cites one of a handful of groups or nations responsible. In September, Meta took down a network of Russian bad actors impersonating European news outlets promoting pro-Kremlin views of the Ukraine invasion. Around the same time, a Chinese campaign was allegedly trying to interfere in US politics.

This time around, we have something a little different. The latest fake social media campaign is not being attributed to rogues operating out of China or Russia. Nope. This one has links to “individuals associated with the US military”.

There is an important distinction to make here, as some headlines are attributing this to the US military specifically. It could be an official operation. It could also be individuals taking it upon themselves to stir up a little misinformation machine of their own. At time of writing, there is no admission as to whether these accounts were created by contractors or personnel, and we’re unlikely to see concrete details.

The inauthentic behaviour factory

This news comes from the latest Quarterly Adversarial Threat Report from Meta, released a few days ago. The report, which focuses on what Meta calls coordinated inauthentic behaviour (CIB), illustrates findings and facts to make it a little easier to get a handle on complex misinformation and disinformation campaigns using social media as their battleground.

While the main reports are perhaps expected to put in an appearance (a campaign of Russian origin targeting several EU members and the United Kingdom, and an operation originating in China which targeted the US and others), it’s the third slice of the report arguably drawing the most attention. Step up to the plate, previously mentioned individuals associated with the US military.

No fewer than 39 Facebook accounts, 16 pages, two groups, and even 26 Instagram accounts were taken down for violating policy on CIB.

The network, originating in the US, focused on multiple countries including Iran, Iraq, Russia, Somalia, and Yemen.

The campaign uses tactics which regular readers will be familiar with:

  • Some profiles used deepfake (cheapfake?) images for profile pictures, which means they can’t be reverse image searched and traced back to stock model photography.

  • The profiles claim to be based in the regions they’re posting about. Some are also making use of supposed small media brands, and this branding is applied to several interconnected pages to add legitimacy and realness to the profiles.

  • For many, there’s a presence on several services like Twitter, YouTube, Telegram, even some blogs and other websites.

Interestingly, the accounts were primarily found to be operating on US hours instead of work hours in the nations targeted. This is going to stand out badly to people actively hunting for this kind of activity.

In terms of content posted:

  • News and current event posts, written in the local language. Concerns about terrorism were posted alongside praise for the US military.

  • COVID-19 content, some of which was removed for violating Meta’s misinformation policy.

  • Criticism of Iran, China, Russia, the Ukraine invasion, and China’s treatment of the Uyghur people.

Meta’s data dovetails into additional research on this same group’s operations published in August of this year.

A big splash or a small whimper?

The impact of this campaign is, all things considered, small fry. Just $2,500 spent on advertising, with the most popular account weighing in at 22,000 followers and about 400 accounts joining one of the groups. As the report puts it, “the majority of this operation’s posts had little to no engagement from authentic communities”.

For as long as social platforms exist, campaigns such as the above will be lurking at the edges and doing their best to antagonise or destabilise. We can only hope that the platforms they operate on continue to seek out and shut down the key players, no matter who they may or may not be going to bat for.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.