Twitter discloses removal of state-linked information operations

News
By published

Includes accounts from People’s Republic of China, Russia and Turkey

Blue Twitter banner

Twitter disclosed 32,242 accounts in its unique archive of state-linked information operations.

The permanently removed account sets and related content include operations linked to the People's Republic of China (PRC), Russia and Turkey. Twitter suspended the accounts for violations of its platform manipulation policies. It also shared key data from the disclosure with the Australian Strategic Policy Institute (ASPI) and Stanford Internet Observatory (SIO).

People’s Republic of China (PRC)

Who’s going to buy Twitter? Technology 2008: From Blu-ray to Twitter Teenage Twitter systems hacker admits guilt Twitter rejects Facebook offer

Twitter first identified PRC’s activity in August 2019, and technical links in the new network remain consistent with this activity. The proactive removal of these accounts relates to its technical efforts following the study and investigation of the PRC’s past coordinated information operations.

The current PRC disclosure involves two sets of interconnected accounts:

  1. 23,750 accounts from the network’s highly-engaged core, which did not gain traction on Twitter, and have low follower accounts and low engagement
  2. About 150,000 amplifier accounts, which have little to no follower accounts and artificially inflate impression metrics by engaging with core accounts; these accounts were not included in the public archive

Accounts in this network engaged in manipulative and coordinated activities, tweeting mostly in Chinese to promote geopolitical narratives about the Communist Party of China and to publish falsehoods about Hong Kong politics.

Russia

Twitter investigated accounts tied to Current Policy, a media website that engages in Russian state-supported political propaganda. It suspended and disclosed 1,152 accounts and associated media for violating Twitter’s platform manipulation policy by cross-posting and amplifying politically motivated content in an inauthentic, coordinated way.

Turkey

Twitter detected this network of accounts in early 2020, which used coordinated inauthentic activity to target mostly domestic audiences. Analysis of the network’s technical indicators and account behaviors determined that 7,340 accounts were being used to promote the AK Parti (a conservative political party, also known as the Justice and Development Party) and show support for President Erdogan.

Accounts were determined to be associated with the AK Parti’s youth wing and a centralized network with compromised accounts. The network includes compromised accounts tied to organizations critical of President Erdogan and the Turkish government.

The aforementioned state actors have repeatedly targeted compromised accounts through account hacking and takeover efforts. Commercial activities, including cryptocurrency spam, also took place across the network.

David Gargaro

David Gargaro has been providing content writing and copy editing services for more than 20 years. He has worked with companies across numerous industries, including (but not limited to) advertising, publishing, marketing, real estate, finance, insurance, law, automotive, construction, human resources, restoration services, and manufacturing. He has also managed a team of freelancers as the managing editor of a small publishing company.

Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.

Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle

UK cloud infrastructure set for boost amid $5 billion Oracle investment
A CGI render of a warning symbol representing malware, sitting on an abstract computer surface. Decorative: the warning sign is glowing red and there is blue and yellow diffused light throughout.

What is an APT and how are they tracked?
See more latest
Most Popular
Male software developer using AI coding tools on a laptop computer while sitting at a desk with earphones on in an open-plan office environment.
Lenovo: Enterprises aren't ready to take advantage of AI productivity gains
Oracle
UK cloud infrastructure set for boost amid $5 billion Oracle investment
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.
Cisco unveils new agentic AI tools to improve customer and employee experience
Thomas Kurian, CEO at Google Cloud, sat next to Demis Hassabis, CEO at Google DeepMind, Mark Read, CEO at WPP, and Allison Kirkby, CEO at BT Group, at the Gemini for the United Kingdom live event held at the Google DeepMind HQ in London.
Google Cloud announces UK data residency for agentic AI services
A hand on a keyboard in a dark room
Alleged LockBit developer extradited to the US
Github logo on a laptop computer arranged in the Brooklyn borough of New York, US, on Friday, March 31, 2023
Organizations urged to act fast after GitHub Action supply chain attack
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks