Islamabad: A coordinated covert disinformation campaign involving accounts linked to India and Afghanistan has been uncovered, with operators allegedly posing as Iranian officials and media outlets to spread misleading narratives targeting Pakistan.
According to a detailed investigation, the network appears to operate in a structured manner, beginning with fake accounts based in India and Afghanistan.

These accounts were among the first to circulate false claims, including allegations that Pakistan had “betrayed” Iran in relation to oil shipments through the Strait of Hormuz.
The report shows that these initial accounts were followed and amplified by a wider network of profiles, many of which exhibit suspicious patterns.
The report highlights that several accounts were based in either Afghanistan or India and were connected via Afghan mobile applications, while also showing frequent username changes — a common tactic used to evade detection.

Further analysis indicates centralized coordination rather than isolated activity. The network then expands through “amplifier” accounts, which significantly boost the reach of the content.
The second phase of the campaign points to India-linked accounts acting as amplifiers. The network appears to follow a structured pattern, beginning with accounts believed to be operating from Afghanistan that initiate and circulate false or misleading claims.
These narratives are then picked up and amplified by a wider cluster of accounts, significantly increasing their reach and visibility across social media platforms.
These accounts rebranded themselves as media outlets — including those posing as Iranian or Western news organizations — to lend credibility to the false claims.
Evidence presented in the report includes username histories and location data indicating links to Indian regions such as Bihar.

One notable tactic identified is the rebranding of accounts, with profiles changing names from unrelated identities to ones resembling Iranian figures or news agencies, while retaining older metadata tied to different geographic locations.
In some cases, accounts portraying Iranian religious or political commentary were previously operated under entirely different identities.

The campaign appears designed to exploit regional sensitivities and create distrust between Pakistan and Iran by disseminating fabricated statements and misleading narratives through seemingly credible sources.
Investigators say several of these accounts display suspicious digital behavior, including frequent username changes, unclear identities, and inconsistencies in location data.

Analysts warn that such coordinated digital operations reflect a growing trend of hybrid information warfare, where networks of fake and repurposed accounts are used to manipulate public discourse and international perceptions.
In many cases, accounts presenting themselves as Iranian officials or affiliated entities lack verifiable credentials and do not correspond to any official or recognized sources.

Experts describe this as a form of coordinated inauthentic behavior, where networks of accounts work in tandem to manipulate online discourse. The combination of impersonation, strategic amplification, and rebranding highlights the evolving nature of digital misinformation campaigns.

Observers stress that such operations underscore the importance of verifying sources and relying on official channels, especially when encountering claims attributed to government officials or international actors.

Investigators further note that the network demonstrates characteristics of a coordinated inauthentic behavior (CIB) pattern, where multiple accounts operate in sync to push identical or similar narratives within a short time frame.
The use of geographically dispersed accounts — with initiators linked to Afghanistan and amplifiers connected to India — suggests a layered strategy aimed at maximizing reach while masking origin.
Additionally, the creation of accounts mimicking credible media brands or officials indicates an attempt to build false legitimacy and bypass user skepticism.



