- 1/ Yesterday’s Q2-Q3 Adversarial Threat Report by Meta was interesting in many ways. For us @citizenlab.ca, it was a blast from the past. For the first time, Meta’s investigators attributed what in 2019 we had named Endless Mayfly - a relentless, sophisticated influence op targeting Iran’s enemies.
Dec 12, 2025 16:15
- 2/ Meta notes: “Our investigation has compiled multiple, corroborating lines of evidence […] that attribute this multi-year operation to Iran’s International Union of Virtual Media (IUVM), a sanctioned propaganda group with close links to the Iranian government.”
- 3/ Meta’s attribution tied Endless Mayfly to a broader set of campaigns that the company has disrupted on its platforms repeatedly over the years.
- 4/ Why was Endless Mayfly special? We reported about it in 2019, but tracked the origin of that specific part of the campaign to at least 2017. Despite coming early into the online IO landscape - or what we now know of it - this actor was *skilled*. And it used some frustrating evasion techniques.
- 5/ Their “ephemeral disinformation” technique was later seen with other actors, and in different contexts. We won’t award a prize for who came up first with it… but we will say: it was effective. And intentionally confusing.
- 6/ To the point that… it’s still being used today. And very likely, also by the governments targeted here in the first place. In October 2025, we reported on PRISONBREAK, a most likely Israeli-run IO targeting Iran. They had a variation on the ephemerality theme: fake links to real news outlets.
- 7/ Will Endless Mayfly cease their operations now that they have been repeatedly exposed, disrupted, and finally attributed? Maybe. But there is reason to believe that their ability to pollute the information ecosystem will make them resilient to such setbacks. It’s key to stay vigilant.
- 8/ Meta’s Adversarial Threat Report as described by @dagrano.bsky.social:
- We just launched our new and expanded Adversarial Threat Report! We've been reporting on online threats like foreign interference for 7 years, but today's report expands our work to cover fraud, scams, and AI security threats. There's a ton in the report, I'll try to break it down in this thread. 1/
- 9/ The “Burned After Reading” authors: @gabriellelim.bsky.social , @tek.randhome.io , @jsrailton.bsky.social , @rondeibert.bsky.social , Ned Moran, and yours truly.
