Meta Takes Down Global CIB Operations from Iran, China, and Romania

I. INTRODUCTION

Meta’s latest Adversarial Threat Report details the detection and dismantling of three global Coor-dinated Inauthentic Behaviour (CIB) campaigns attributed to actors based in China, Iran, and Romania. [1]

Notably, the report is only twelve pages long, making it the shortest instalment of Meta’s adversarial Threat series to date. This trend toward brevity may suggest a deprioritisation of transparency or a strategic shift in how Meta communicates threat data.

While concise, the report still illustrates that Meta remains actively involved in addressing hostile digital influence efforts.

II. CHINA

Meta attributed a network originating in China with conducting hostile influence operations targeting Myanmar, Taiwan, and Japan. The operation leveraged fake accounts (often featuring AI-generated profile photos) to pose as local users, manage pages, disseminate content, and simulate organic engagement.

The campaign sought to shape public opinion in favour of Chinese political interests. While it criticized civil resistance movements and voiced support for the ruling junta in Myanmar, content targeting Japan attacked the government and condemned its military alliance with the United States. Anonymous posts in Taiwan spread allegations of corruption among political and military leaders, creating the false impression that these narratives emerged organically from local users.[2]

Meta links this campaign to two earlier China-based operations, previously dismantled in September 2022 [3] and February 2024 [4].

III. IRAN

Meta reports that it disrupted an Iranian CIB network at an early stage, aided by automated detection systems and intelligence shared by Google’s Threat Intelligence Group. Operators often impersonated female journalists and spammed popular hashtags (e.g., #starbuck, #instagram) in an attempt to blend into or overwhelm trending conversations.

Posts in Azeri covered current events such as the Paris Olympics, calls to boycott American brands, and criticisms of U.S. foreign policy, President Biden, and Israel’s military actions in Gaza. The campaign also referenced events such as Israel’s 2024 attacks, possibly referring to the ongoing conflict escalation. [5]

IV. ROMANIA

The most extensive campaign by scale originated from Romania, involving approximately 20,000 accounts and $177,000 in ad spending across multiple platforms.

Fake accounts posed as local Romanian users, posting about sports, travel, and regional news. Cross-platform activity on YouTube, X, and TikTok reinforced these personas. According to the report, the operators demonstrated strong operational security (OpSec), using proxy IPs and other measures to obscure coordination and origin.

Meta reports dismantling the operation before attracting a substantial, authentic audience. [6] While Meta did not directly link this campaign to electoral interference, its timing coincides with a broader surge in hostile digital influence activity surrounding the Romanian elections. See our report here for a deep dive into the efforts to influence the Romanian election. [7]

Footnotes:

(1) Meta, Adversarial Threat Report: May – First Quarter 2025, 2025. [online]

Available at: https://transparency.meta.com/metasecurity/threat-reporting. [Accessed June 09, 2025].

(2) Meta, Adversarial Threat Report: May – First Quarter 2025, 2025. [online]

Available at: https://transparency.meta.com/metasecurity/threat-reporting. [Accessed June 09, 2025].

(3) Meta, 2022. Removing Coordinated Inauthentic Behavior From China and Russia. [online]

Available at: https://about.fb.com/news/2022/09/removing-coordinated-inauthentic-behavior-from-china-and-russia/.

[Accessed June 09, 2025].

(4) Meta, Adversarial Threat Report: Feb – Fourth Quarter 2023, 2024. [online]

Available at: https://transparency.meta.com/metasecurity/threat-reporting. [Accessed June 09, 2025].

(5) Meta, Adversarial Threat Report: May – First Quarter 2025, 2025. [online] Available at: https://transparency.meta.com/metasecurity/threat-reporting. [Accessed June 09, 2025].

(6) Meta, Adversarial Threat Report: May – First Quarter 2025, 2025. [online]

Available at: https://transparency.meta.com/metasecurity/threat-reporting. [Accessed June 09, 2025].

(7) Cyfluence Research Center (CRC), The Romanian Presidential Elections 2024: Analysis of Information Operations and Long-term Influence Efforts, 2025, [online] Available at: https://www.cyfluence-research.org/post/the-romanian-presidential-elections-2024-analysis-of-information-operations-and-long-term-inf [Accessed June 09, 2025].

DISCLAIMER

Copyright and License of Product 

This report (the "Product") is the property of Cyfluence Research Center gGmbH ("Cyfluence") and is protected by German and international copyright laws. The User is granted a limited, non-transferable license to use the Product solely for internal purposes. Reproduction, redistribution, or disclosure of the Product, in whole or in part, without prior written consent from Cyfluence is strictly prohibited. All copyright, trademark, and proprietary notices must be maintained.

Disclaimer of Warranties

The Product is provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability or fitness for a particular purpose. Although Cyfluence takes reasonable measures to screen for viruses and harmful code, it cannot guarantee the Product is free from such risks.

Accuracy of Information 

The information in the Product has been obtained from sources believed to be reliable. However, Cyfluence does not guarantee the information's accuracy, completeness, or adequacy. The User assumes full responsibility for how they use and interpret the Product. Cyfluence is not liable for errors or omissions; opinions may change without notice.

Limitation of Liability

To the fullest extent permitted by law, Cyfluence shall not be liable for any direct, indirect, incidental, or consequential damages, including lost profits or data, arising from the use of or inability to use the Product, even if advised of such possibilities. Liability for intent or gross negligence remains unaffected under German law.

Indemnification

The User agrees to indemnify and hold harmless Cyfluence, its affiliates, licensors, and employees from any claims or damages arising from the User’s use of the Product or violation of these terms.

Third-Party Rights

The provisions regarding Disclaimer of Warranties, Limitation of Liability, and Indemnification extend to Cyfluence, its affiliates, licensors, and their agents, who have the right to enforce these terms.

Governing Law and Jurisdiction 

This Agreement is governed by German law, and any disputes shall be resolved exclusively in the courts of Berlin. If any provision is found invalid, the remaining terms remain in full effect.