TL;DR
How a wave of misinformation, impersonation, and doxxing fueled anti-migrant violence in Spain, and what Trust and Safety teams can learn.
Introduction
According to reports, over the weekend of 11 to 13 July 2025, the small Spanish town of Torre Pacheco in Murcia became the epicenter of violent anti-migrant riots. Sparked by a real-world assault on a pensioner on July 9, the situation quickly escalated, not because of facts, but because of false narratives spreading rapidly across social and fringe platforms. ActiveFence’s misinformation researchers had long tracked the networks behind these escalations. We identified early calls to violence, traced the spread of disinformation, and surfaced patterns of cross-country coordination that drove the unrest.
A Surge of Misinformation Fueled the Violence
What began as online outrage quickly evolved into dangerous offline mobilization. Key elements of the misinformation surge included:
- Misattributed video: A video of an unrelated assault in Almería was falsely labeled as footage of the Torre Pacheco incident, stoking ethnic tensions.
- Doxxing: PII of North African men, unrelated to the assault, was widely circulated with explicit calls for revenge.
- Impersonation: A fake statement attributed to the Torre Pacheco Town Hall calling for anti-migrant actions was picked up by Russian state-affiliated media, lending it false credibility.
- Misleading content: Unrelated videos of street fights were reframed to suggest violent migrant attacks during the unrest.
- Imported narratives: Far-right accounts from across Europe framed the incident as evidence of a “Great Replacement” conspiracy.
This storm of falsehoods spread across fringe platforms and mainstream networks alike, amplified by well-connected extremist groups and disinformation actors.

Who’s Behind It: Decentralized Hate Networks
At the center of the online coordination was Telegram group #DeportThemNow, whose Spanish admin was arrested for hate speech after promoting “migrant hunts” in Torre Pacheco. But this group wasn’t operating in isolation. It is part of a broader, transnational network of anti-migrant channels with branches in France, Germany, UK, Italy, Poland, and the Netherlands. These groups routinely rebrand, use Telegram for planning and X (formerly Twitter) for amplification, and spread low-effort AI-generated memes and violent rhetoric under the guise of “community protection.” Crucially, these actors mix real crime stories with manipulated content to stoke emotional responses and justify violence. [caption id="attachment_10979" align="alignnone" width="260"]

An AI generated photo from "DeportThemNow" calls to "Hunt the Maghrebi" and includes the group's logo[/caption]
A Familiar and Established Local Actor
Another known figure also played a role: Daniel Esteve, leader of Desokupa, infamous for organizing extrajudicial “evictions” of migrant families. ActiveFence first documented Esteve’s coordinated online campaigns back in 2023. His ability to mobilize both digital and physical action continues to make him a dangerous vector of hate-fueled mobilization.
Platform Gaps Exposed
Despite platform policies, much of the content that drove the violence remained live for days across languages and accounts. The events revealed several platform weaknesses:
- Slow response to geo-specific threats
- Coordinated inauthentic behavior through bots and impersonation tactics
- The illusion of legitimacy through fake official statements
- Emotionally manipulative content that spreads faster than fact-checking can keep up
Why This Matters
Torre Pacheco is not an isolated incident; it’s part of an emerging pattern of hybrid threats where misinformation, hate networks, and platform vulnerabilities converge. For Trust & Safety teams, the takeaways are clear:
- Online hate is increasingly multilingual, cross-border, and intentionally provocative.
- Escalations are not random; they are architected by networks that blend real incidents with false narratives.
- The goal is not merely to spread lies. It’s to incite action.
How ActiveFence Helps
At ActiveFence, our Threat Intelligence capabilities are built to detect these patterns early, before they escalate. We identify coordinated narratives, monitor the evolution of digital hate campaigns, and provide enforcement-ready intelligence to help platforms mitigate risk in real time. If you’re building GenAI, social platforms, or community-driven services, understanding how disinformation and extremist content evolves is essential to keeping users safe, and your platform compliant. Want to better detect and respond to threats like those seen in Torre Pacheco? Speak to our team.
Facing evolving disinformation threats?
Talk to our expertsWhat’s New from Alice
Curiouser Soundbites: What a Former Google Cloud CISO Wants Leaders to Know About AI
Everyone's watching the flood of new AI vulnerabilities. Former Google Cloud CISO Phil Venables is watching something else, and it's the shift leaders can't afford to miss.
AI in Healthcare: Protecting Patient Data Without Falling Behind
Your doctor knows things about you that almost nobody else does. So what happens when AI gets access to all of it? Sandy Dunn has spent much of her career worrying about exactly that. She's a healthcare CISO, and her answer is calmer than you'd think: the things that can go wrong aren't new, it's how fast they happen and how far the damage spreads. In this episode, she and Mo get into why HIPAA has become paperwork that protects almost nobody, why the safest data is the data you never collected, and what happens to trust when AI is in the exam room.
It Takes AI to Break AI: The Case for AI Red Teaming
As AI systems gain autonomy, organizations need security approaches built specifically for AI behavior. Learn why AI-driven red teaming is becoming a critical defense layer.
Demystifying AI Red Teaming
Your AI passed every check. That doesn't mean it's safe. Learn how to red team AI systems before adversaries find the gaps you missed.
