Social media troll
News

Meta finds connection between rogue social media campaign and members of US military

Posted: November 24, 2022 by Christopher Boyd

Whenever you hear tales of bogus social media campaigns shut down by major services, the inevitable follow up report almost always cites one of a handful of groups or nations responsible. In September, Meta took down a network of Russian bad actors impersonating European news outlets promoting pro-Kremlin views of the Ukraine invasion. Around the same time, a Chinese campaign was allegedly trying to interfere in US politics.

This time around, we have something a little different. The latest fake social media campaign is not being attributed to rogues operating out of China or Russia. Nope. This one has links to “individuals associated with the US military”.

There is an important distinction to make here, as some headlines are attributing this to the US military specifically. It could be an official operation. It could also be individuals taking it upon themselves to stir up a little misinformation machine of their own. At time of writing, there is no admission as to whether these accounts were created by contractors or personnel, and we’re unlikely to see concrete details.

The inauthentic behaviour factory

This news comes from the latest Quarterly Adversarial Threat Report from Meta, released a few days ago. The report, which focuses on what Meta calls coordinated inauthentic behaviour (CIB), illustrates findings and facts to make it a little easier to get a handle on complex misinformation and disinformation campaigns using social media as their battleground.

While the main reports are perhaps expected to put in an appearance (a campaign of Russian origin targeting several EU members and the United Kingdom, and an operation originating in China which targeted the US and others), it’s the third slice of the report arguably drawing the most attention. Step up to the plate, previously mentioned individuals associated with the US military.

No fewer than 39 Facebook accounts, 16 pages, two groups, and even 26 Instagram accounts were taken down for violating policy on CIB.

The network, originating in the US, focused on multiple countries including Iran, Iraq, Russia, Somalia, and Yemen.

The campaign uses tactics which regular readers will be familiar with:

  • Some profiles used deepfake (cheapfake?) images for profile pictures, which means they can’t be reverse image searched and traced back to stock model photography.

  • The profiles claim to be based in the regions they’re posting about. Some are also making use of supposed small media brands, and this branding is applied to several interconnected pages to add legitimacy and realness to the profiles.

  • For many, there’s a presence on several services like Twitter, YouTube, Telegram, even some blogs and other websites.

Interestingly, the accounts were primarily found to be operating on US hours instead of work hours in the nations targeted. This is going to stand out badly to people actively hunting for this kind of activity.

In terms of content posted:

  • News and current event posts, written in the local language. Concerns about terrorism were posted alongside praise for the US military.

  • COVID-19 content, some of which was removed for violating Meta’s misinformation policy.

  • Criticism of Iran, China, Russia, the Ukraine invasion, and China’s treatment of the Uyghur people.

Meta’s data dovetails into additional research on this same group’s operations published in August of this year.

A big splash or a small whimper?

The impact of this campaign is, all things considered, small fry. Just $2,500 spent on advertising, with the most popular account weighing in at 22,000 followers and about 400 accounts joining one of the groups. As the report puts it, “the majority of this operation’s posts had little to no engagement from authentic communities”.

For as long as social platforms exist, campaigns such as the above will be lurking at the edges and doing their best to antagonise or destabilise. We can only hope that the platforms they operate on continue to seek out and shut down the key players, no matter who they may or may not be going to bat for.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Christopher Boyd

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams