Meta uncovers Facebook disinformation, hacking campaigns targeting Ukraine

Protesters hold signs as they show support at a Stand With Ukraine Rally in Times Square in New York City on Saturday. More than 50,000 Ukrainians have fled their country since Russia invaded. Photo by John Angelillo/UP

Feb. 28 (UPI) — Facebook’ s parent company Meta said it has uncovered disinformation and hacking campaigns targeting Ukrainians amid Russia’s invasion of their country.

The company said in a statement Sunday that the efforts were caught as its has been on “high alert” for emerging threats in response to Russia’s large-scale invasion of its neighbor that was launched early least week.

The effort operated from Russia and Ukraine sought to target Ukrainians through the social media platforms and individual website, it said.

Through the use of fake personas, users were directed to websites masquerading as independent news outlets that published content stating the West had betrayed Ukraine and that Kyiv was a failed state.

“This operation centered around off-platform websites posing as independent news entities and used face accounts to amplify their stories, which were largely focused on undermining trust in the Ukrainian government,” Nathaniel Gleicher, head of security policy at Meta, explained on Twitter.

Meta said there were links between this network and the on it removed in April 2020 that was connected to individuals in Russia and Ukraine’s Donbas region as well as two media organizations in Crimea.

None of the network’s accounts had more than 4,000 Facebook followers or 500 on Instagram but it operated fake accounts across social media platforms including Twitter, YouTube, Telegram and Russia’s Odnoklassniki and VK, Meta said, adding the operation has been removed.

Meta said it has also seen a surge in targeting of Ukrainians, including members of the military and public figures, to post demoralizing content on their social media sites.

The company accused Belarusian government-linked Ghostwriter threat group of targeting Facebook users to post YouTube videos that negatively portray Ukrainian Troops.

One of the videos claimed to show Ukrainian soldiers exiting a forest while flying a white flag of surrender, it said.

Ghostwriter typically attempts to get access to social media accounts through compromising their target’s email. Once with access to the target’s social media accounts, the threat actor would post disinformation that would then look like it was coming from the legitimate owner of the account.

Cybersecurity firm Mandiant has said that Ghostwriter has targeted government and private sector entities in Ukraine, Lithuanian, Latvia, Poland and Germany since at least 2016.

The efforts of the group are consistent with the interests of the Belarusian government, and Mandiant said it is is confident that the European country is at least partially responsible for its actions, though Russia may also be involved.

Belarus is a close ally to Russia is where the Kremlin had stationed troops prior to its attack on Ukraine.

Meta said it has taken efforts to secure the accounts that it believes were targeted as well as blocked phishing domains Ghostwriter used to try and trick Ukrainians into compromising their accounts.

Gleicher added on Twitter that they have also seen an increase in targeting of protesters in Russia, and in response Meta has rollout out tools that allow people to lock their profiles to Russia and Ukraine, meaning only their friends will be able to interact with their account.

They have also removed the ability view and search the friends lists of Facebook accounts in Ukraine to prevent people from being targeted and they are also sending reminders to Instagram users in Ukraine that they can set their accounts to private.

LEAVE A REPLY

Please enter your comment!
Please enter your name here