As mentioned in our baseline report, a key part of our strategy to prevent interference is working with government authorities, law enforcement, security experts, civil society and other tech companies to stop emerging threats by establishing a direct line of communication, sharing knowledge and identifying opportunities for collaboration. 

In May 2025, we shared our Adversarial Threat Report with information on threat research into new covert influence operations that we took down. We detected and removed these campaigns before they were able to build authentic audiences on our apps. 

Romania: We took action against 658 accounts on Facebook and 14 Pages for violating our policy against coordinated inauthentic behavior. This network originated in and targeted users in Romania across multiple internet services. Fake accounts – some of which were detected and disabled by our automated systems prior to our investigation – were used to manage Pages, drive people to off-platform websites, and comment on posts by politicians and news entities. The majority of these comments received no engagement from authentic audiences. These accounts posed as locals in Romania posting about sports, travel, or local news and had a corresponding presence on YouTube, X, and TikTok, likely to backstop their fictitious personas and entities across the internet in an attempt to make them appear more credible. This campaign showed consistent operational security (OpSec) to conceal its origin and coordination, including by relying on proxy IP infrastructure. 

We found this network as a result of our internal investigation into suspected coordinated inauthentic behavior in the region.