Endless Mayfly

From ADTAC Disinformation Inventory

Endless Mayfly was an Iranian-affiliated operation consisting of 11 personas, 135 fake articles, 72 domains, and 160 persona bylines.[1] The campaign was critical of Saudi Arabia, the United States, and Israel. They generated websites where were designed to impersonate legitimate media outlets like the Guardian, The Harvard Belfer Center or Le Soir using typo squatting (either in typos, punycode) and having domain names similar to the original but using slightly different lettering or changing the top level domain where the ending is .net instead of .org[2][3]

False profiles would spread the content over social media and they would get in contact with journalists either through privately or publicly. After their content received a certain level of exposure they would permanently delete their false articles as well as links to these articles.[4] At times the operation’s stories reached mainstream media outlets. In 2018 Facebook in association with FireEye took down accounts and pages associated with Endless Mayfly.[5] They campaign has 4 separate phases of operation and actively experimented with different techniques. The briefly used bots to try to amplify their story. Additionally they created a false environment which replicated twitter which was designed to spread malware.[6]

Black Boxing Output