Summary: A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques
T0097.111: Government Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won’t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff).
Tactic: TA16 Establish Legitimacy
Parent Technique: T0097 Present Persona
| Associated Technique | Description |
|---|---|
| T0097.111 Government Official Persona | Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government. Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party. Some party officials won’t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff). |
| Incident | Descriptions given for this incident |
|---|---|
| I00065 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests | "In the days leading up to the UK’s [2017] general election, youths looking for love online encountered a whole new kind of Tinder nightmare. A group of young activists built a Tinder chatbot to co-opt profiles and persuade swing voters to support Labour. The bot accounts sent 30,000-40,000 messages to targeted 18-25 year olds in battleground constituencies like Dudley North, which Labour ended up winning by only 22 votes. "Tinder is a dating app where users swipe right to indicate attraction and interest in a potential partner. If both people swipe right on each other’s profile, a dialogue box becomes available for them to privately chat. After meeting their crowdfunding goal of only £500, the team built a tool which took over and operated the accounts of recruited Tinder-users. By upgrading the profiles to Tinder Premium, the team was able to place bots in any contested constituency across the UK. Once planted, the bots swiped right on all users in the attempt to get the largest number of matches and inquire into their voting intentions." This incident matches T0151.017: Dating Platform, as users of Tinder were targeted in an attempt to persuade users to vote for a particular party in the upcoming election, rather than for the purpose of connecting those who were authentically interested in dating each other. |
| I00075 How Russia Meddles Abroad for Profit: Cash, Trolls and a Cult Leader | “On Facebook, Rita, Alona and Christina appeared to be just like the millions of other U.S citizens sharing their lives with the world. They discussed family outings, shared emojis and commented on each other's photographs. “In reality, the three accounts were part of a highly-targeted cybercrime operation, used to spread malware that was able to steal passwords and spy on victims. “Hackers with links to Lebanon likely ran the covert scheme using a strain of malware dubbed "Tempting Cedar Spyware," according to researchers from Prague-based anti-virus company Avast, which detailed its findings in a report released on Wednesday. “In a honey trap tactic as old as time, the culprits' targets were mostly male, and lured by fake attractive women. “In the attack, hackers would send flirtatious messages using Facebook to the chosen victims, encouraging them to download a second , booby-trapped, chat application known as Kik Messenger to have "more secure" conversations. Upon analysis, Avast experts found that "many fell for the trap.”” In this example threat actors took on the persona of a romantic suitor on Facebook, directing their targets to another platform (T0097:109 Romantic Suitor Persona, T0145.006: Attractive Person Account Imagery, T0143.002: Fabricated Persona). |
| I00076 Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests | “A Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta. “The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited. “London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta”. In this example a front company was used (T0097.205: Business Persona) to enable actors to recruit targets for producing content (T0097.106: Recruiter Persona, T0143.002: Fabricated Persona). |
| I00096 China ramps up use of AI misinformation | “Some Twitter accounts in the network [of inauthentic accounts attributed to Iran] impersonated Republican political candidates that ran for House of Representatives seats in the 2018 U.S. congressional midterms. These accounts appropriated the candidates’ photographs and, in some cases, plagiarized tweets from the real individuals’ accounts. Aside from impersonating real U.S. political candidates, the behavior and activity of these accounts resembled that of the others in the network. “For example, the account @livengood_marla impersonated Marla Livengood, a 2018 candidate for California’s 9th Congressional District, using a photograph of Livengood and a campaign banner for its profile and background pictures. The account began tweeting on Sept. 24, 2018, with its first tweet plagiarizing one from Livengood’s official account earlier that month” [...] “In another example, the account @ButlerJineea impersonated Jineea Butler, a 2018 candidate for New York’s 13th Congressional District, using a photograph of Butler for its profile picture and incorporating her campaign slogans into its background picture, as well as claiming in its Twitter bio to be a “US House candidate, NY-13” and linking to Butler’s website, jineeabutlerforcongress[.]com.” In this example actors impersonated existing political candidates (T0097.110: Member of Political Party Persona, T0143.003: Impersonated Persona), strengthening the impersonation by copying legitimate accounts’ imagery (T0145.001: Copy Account Imagery), and copying its previous posts (T0084.002: Plagiarise Content). |
| I00142 Picture of Bono and Bob Geldof holding Israeli flags is AI-generated | Posts shared on social media, including by Greek politician and economist Yanis Varoufakis (T0097.110: Party Official Persona, T0143.001: Authentic Persona), include a screenshot of a post on X (formerly Twitter) which is captioned: “BREAKING: Bono and Bob Geldof stage two-man vigil outside the Israeli Embassy in Dublin.” (T0162.006: AI-Generated Content Incorrectly Presented as Depicting Reality, T0162.011: Content Originally Produced as Satire Presented as Not Satire) The bio for the X account which appears to have originally posted the image on 16 December describes itself as offering “fake news and topical satire” (T0097.202: News Outlet Persona, T0143.004: Parody Persona). A post on 18 December from the same account confirmed the image was “fake”. The person behind the account also told fact checkers at Ireland’s The Journal that “the image was created by Grok AI and the tweet is satire”. (T0166: AI-Generated Content, T0160.005: Content Produced as Satire) [...] There are several other clues suggesting the picture has been generated by AI. The Israeli flag Mr Geldof is holding is wrong. It should have a white background with two horizontal blue stripes and a central Star of David—but in the picture, it has two additional vertical blue stripes. The fingers on Mr Geldof’s right hand are also slightly distorted. As we have written before, AI image generators often have particular difficulty replicating fingers. In addition to this, there is no evidence that the singers staged a vigil outside the Israeli embassy in Dublin. This week Israel announced it will close its embassy in Dublin over "the extreme anti-Israel policies of the Irish government". But there are no credible media reports that Bono or Mr Geldof have staged any such vigil at the embassy. |
| I00156 Clipped video shared to claim Haryana CM didn't drink Yamuna river water | Ahead of the 2025 Delhi Legislative Assembly elections, the official X account of the governing Aam Aadmi Party (AAP) (T0097.110: Party Official Persona, T0143.001: Authentic Persona) and multiple AAP-affiliated users have circulated a video of Haryana Chief Minister Nayab Singh Saini, claiming that he "pretended to drink the Yamuna water and then spat the water back into the river." Former Delhi Chief Minister and Aam Aadmi Party (AAP) chief Arvind Kejriwal also shared this video with the caption, “Haryana Chief Minister Naib Singh Saini pretended to drink Yamuna water... and then spat the same water back into the Yamuna. When I said that Yamuna water could be dangerous for the lives of Delhiites due to ammonia contamination, they threatened to file an FIR against me. They want to make the people of Delhi drink the same poisonous water which they themselves cannot drink. I will never let this happen (sic) (translated from Hindi)." At the time of writing this story, the post had amassed over 1 million views and 9,700 likes. [...] However, we found a longer version of the viral video in which Saini can be seen drinking the Yamuna water (T0162.008: Context Reframed by Edits to Media, T0165.001: Clipped Content). We conducted a Google search using relevant keywords and found an extended video shared by multiple news outlets and Bharatiya Janata Party (BJP)-affiliated accounts. The video shows Saini first spitting out some water and then taking a sip of the river water. The full video was uploaded by news agency ANI on January 29, 2025, with the caption, “#WATCH |
| I00166 Old video from Guatemala of woman set ablaze by mob shared as India | A horrific video of a young woman set ablaze by a mob has been posted on social media [in October 2019] with the implication that the incident took place in India, and is the handiwork of the Rashtriya Swayamsevak Sangh (RSS). [...] The above image is a screenshot of a tweet posted on October 6 [2019] by an account claiming to be Pakistani politician Aitzaz Ahsan (T0097.110: Party Official Persona). His tweet has been retweeted over 2400 times so far. The message along with it, posted in Urdu, rather loosely translates to, “The RSS terrorist organization occupied the whole of India, controlling them from the film industry to the Indian Army. And yet so much grace on them, even our media groups speak their language.” It is clear that the blame for the ghastly incident is placed on the RSS, suggesting that the incident took place in India. The video in question is old (T0162.003: Historic Content Incorrectly Presented as Current), and not from India (T0162.004: Content Incorrectly Presented as Depicting Another Location). The incident had occurred in Guatemala in Central America. The woman seen in the video was accused of having murdered a cab driver along with two male accomplices. She was apprehended by a mob and lynched. Her accomplices meanwhile had managed to escape. The incident had been covered extensively by the media when it had occurred in early 2015. In 2017, the same video was shared with the false, communal narrative that it represented a Marwari woman who had married a Muslim man and was lynched because she refused to wear a burqa (T0160.006: Content Previously Fact Checked). Again, in 2018, the video was portrayed by certain sections on social media as a Hindu girl burnt alive in Madhya Pradesh because she had attended a prayer meeting at a church (T0160.006: Content Previously Fact Checked). |
| Counters | Response types |
|---|
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW