In late October, Facebook announced that it had removed a network of Iranian government-connected accounts on Facebook, and Instagram said to have targeted mainly the US and Israel. According to the announcement:
October 27, 2020 Today we removed three separate networks for violating our policy against coordinated inauthentic behavior (CIB). Two of these networks targeted the United States, among other countries, and one network originated in and targeted domestic audiences in Myanmar. In each case, the people behind this activity coordinated with one another and used fake accounts as a central part of their operations to mislead people about who they are and what they are doing, and that was the basis for our action. When we investigate and remove these operations, we focus on behavior rather than content, no matter who’s behind them, what they post, or whether they’re foreign or domestic.
According to its October 2020 Coordinated Inauthentic Behavior Report, the investigation was based on the FBI’s information, and the network was found to have links to another Iranian government network removed in April. The first fake account was part of a US election-related influence operation carried out primarily via email, which attempted to seed false claims and unsubstantiated threats. This led to the exposure of additional dormant accounts and pages connected to Israel, Afghanistan, Saudi Arabia, and others. The announcement explains:
This operation used fake accounts — some of which had been already detected and removed by our automated system. Some of these accounts tried to contact others, including an Afghanistan-focused media outlet, to spread their information. They focused on Saudi Arabia’s activities in the Middle East and claims about an alleged massacre at Eurovision, an international song contest hosted by Israel in 2019…Although the people behind this activity attempted to conceal their identity and coordination, our investigation found limited links to the CIB network we removed in April 2020 and connections to individuals associated with the Iranian government.
The Global Influence Operations Report (GIOR) previously reported on various cyberattacks connected to Iran, so far, mainly in the context of the US Presidential elections:
- A report on cyber-attacks detected by Microsoft targeting the personal accounts of people associated with the Donald Trump Presidential campaign.
- A report on criminal charges raised against Iranian hackers, including the vandalism of US websites.
- A report on the latest DHS Homeland Threat Assessment failed to identify Iranian efforts directed at the elections.
- A report that national security officials had accused Iran of trying to interfere with the upcoming US elections by sending voters fake emails intended to look like they had been sent by the Proud Boys, a far-right, pro-Trump group.
- A report that the US Department of Justice had seized 92 internet domains said to be used by Iran’s Revolutionary Guard as part of a global disinformation campaign.