Meta’s Q3 2024 Adversarial Threat Report: Global Disinformation Networks Disrupted

by do son · Published December 9, 2024 · Updated December 9, 2024

Meta has released its Third Quarter Adversarial Threat Report for 2024, detailing the disruption of five covert influence operations across the globe, including networks originating in India, Iran, Lebanon, and Moldova, and an update on the long-running Russian operation known as Doppelganger.

The report reveals significant findings about the global threat landscape, emphasizing the persistent threats posed by coordinated inauthentic behavior (CIB). As Margarita Franklin, Director of Public Affairs, Security, notes, “We view CIB as coordinated efforts to manipulate public debate for a strategic goal, in which fake accounts are central to the operation.”

Since 2017, Meta has disrupted 39 Russia-origin CIB operations, making the country the top source of such activity. Close behind are Iran with 31 networks and China with 11. In 2024 alone, Meta dismantled 20 new covert influence operations spanning the Middle East, Asia, Europe, and the U.S.

Example of Doppelganger staging and hosting content on Pinterest which they later attempted to
promote on Facebook. The ads were blocked and never ran. | Source: Meta

A significant finding of the report is the use of generative AI by some networks. While AI-powered tactics have increased productivity for threat actors, Meta states that “GenAI-powered tactics have provided only incremental productivity and content-generation gains to the threat actors” and have not impeded Meta’s ability to disrupt their activities.

Moldova: One network originating in Transnistria, Moldova, aimed to manipulate Russian-speaking audiences. Operating across multiple platforms, including Facebook, Telegram, and TikTok, the network posed as independent news brands, such as MoldovanMole and Gagauzia on Air. Using fake accounts and AI-generated profile photos, the group amplified pro-Russia narratives while targeting pro-EU figures. Meta’s investigation revealed “the vast majority of its followers were outside of Moldova, suggesting the use of inauthentic engagement tactics.”

India: Two separate operations in India focused on amplifying political narratives. One network targeted the Odisha region, creating fictitious personas to discuss local elections and candidates, while another promoted political parties and economic development narratives. Both efforts used “relatively consistent operational security aimed to conceal deceptive activity.”

Iran: Iran’s Cotton Sandstorm network focused on anti-West campaigns, employing AI-generated videos and infographics. Among its tactics was the creation of fake news websites, such as Jerusalem News, where operators claimed to host hacked Israeli government documents. The report linked this network to Iran’s Islamic Revolutionary Guard Corps (IRGC).

Lebanon: A Lebanese network targeted Israeli audiences, spreading content through fictitious news entities like Israel in a Minute. Meta noted that “one of the brands frequently posted AI-generated video newsreaders,” blending geopolitical and socio-political topics with non-political content to appear credible.

Russia: Doppelganger’s Resilience: Meta’s ongoing battle with Doppelganger, a Russia-based influence operation, continues to dominate headlines. First identified in 2022, Doppelganger uses spoofed websites and exaggerated claims to manipulate global narratives, particularly around the war in Ukraine. “Persistent tactical adaptations lead to strategic failures,” Meta stated, highlighting the group’s declining effectiveness due to relentless takedowns.

Meta emphasized the importance of cross-industry cooperation to combat these threats. The report concluded, “We can collectively raise our cross-industry defenses with a stronger concerted effort to share information and disrupt the internet infrastructure powering these campaigns.”