Facebook Investigate Cyber Threats and Information Operations:

• As a result, simple methods such as blaming the owner of an IP address that was used to establish a fraudulent account are rarely enough to determine who is to blame.
• Instead, we make an effort to:
• Connect suspicious activity to the person or group responsible for the malicious action's principal operational responsibility. We can then link several campaigns to a single set of perpetrators, investigate how they exploit our systems, and take appropriate responses.
• Make a connection between a certain actor and a real-world sponsor. A political organisation, a nation-state, or a non-political body could be included.

Read More: How can you tell if non-friends have viewed your Facebook profile?