Meta has disclosed that it disrupted two of the largest known covert influence operations in the world from China and Russia, blocking thousands of accounts and pages across its platform.
“It targeted more than 50 apps, including Facebook, Instagram, X (formerly Twitter), YouTube, TikTok, Reddit, Pinterest, Medium, Blogspot, LiveJournal, VKontakte, Vimeo, and dozens of smaller platforms and forums,” Guy Rosen, chief information security officer at Meta, said last week, describing the Chinese disinformation group.
The network, which included 7,704 Facebook accounts, 954 Pages, 15 Groups and 15 Instagram accounts, is said to have been run by “geographically dispersed operators” across China, posting content about China and its province Xinjiang, criticism of the U.S, Western foreign policies, and critics of the Chinese government.
Central to the activity is the sharing of spammy links, the origins of which trace back to a cluster named Spamouflage (aka DRAGONBRIDGE) that has been active since mid-2018, with Meta uncovering links to individuals associated with Chinese law enforcement in connection with the operation.
“Many comments on Spamouflage posts that we have observed came from other Spamouflage accounts trying to make it look like they were more popular than they were,” Meta said. “Only a few instances have been reported when Spamouflage content on Twitter and YouTube was amplified by real-world influencers.”
For all the impressive scale and scope, Spamouflage’s efforts appear to have largely fallen flat, as the company noted that it has not found any evidence of the network getting any substantial engagement among authentic communities on its services.
In response to the findings, China said “some people and institutions have launched one ‘rumor campaign’ after another against China on social media platforms and spread a tremendous amount of disinformation about China.” It also called on Meta to “take concrete steps to weed out disinformation on China.”
The social media giant said it also blocked thousands of malicious website domains as well as attempts to run fake accounts and Pages on its platforms connected to the Russian operation known as Doppelganger, which has been attributed to two companies named Structura National Technologies and Social Design Agency.
Detect, Respond, Protect: ITDR and SSPM for Complete SaaS Security
Discover how Identity Threat Detection & Response (ITDR) identifies and mitigates threats with the help of SSPM. Learn how to secure your corporate SaaS applications and protect your data, even after a breach.
“This operation was focused on mimicking websites of mainstream news outlets and government entities to post fake articles aimed at weakening support for Ukraine,” Rosen said. “It has now expanded beyond initially targeting France, Germany, and Ukraine to also include the U.S. and Israel.”
The use of typosquatting techniques in the domain names to pass off as legitimate news sites is a “good example of how bad actors use malicious domains to insulate themselves from enforcement,” it said.
Meta characterized Doppelganger as the “largest and the most aggressively-persistent Russian-origin operation” it has dismantled since 2017, adding it also removed networks of accounts that targeted audiences in Turkey.
The development comes on the heels of a new research that found that generative AI models can be harnessed to produce and disseminate misinformation, uncovering a botnet dubbed Fox8 on X (formerly Twitter) that’s engineered to promote blockchain-related content and trick victims into investing in counterfeit cryptocurrencies.