Meta says it shut down influence, hacking campaigns targeting Ukraine

The influence network engaged in what Facebook calls “coordinated inauthentic behavior,” or groups of Facebook accounts and pages that operate under false names and fake profile photos to spread targeted messages across the platform
Image: Justin Sullivan / Getty Images via AFP

Meta, the parent company of Facebook, said Sunday night that it had shut down influence and hacking campaigns targeting its users in Ukraine. The efforts were tied to people in Russia and Ukraine, as well as to a hacking group thought to be affiliated with Belarus, Meta executives said.

One operation spread links to misleading news articles that claimed Ukraine was a “failed state,” and included messages of support for the Russian government. Meta said it found evidence the effort was linked to another operation the company had disclosed in 2020 that included two publishers, News Front and South Front. The publishers operate out of Crimea and have long been used to spread propaganda targeting enemies of the Kremlin.

The influence network engaged in what Facebook calls “coordinated inauthentic behavior,” or groups of Facebook accounts and pages that operate under false names and fake profile photos to spread targeted messages across the platform.

The campaign received fewer than 5,000 followers across Facebook and Instagram before being taken offline, Meta officials said.

Meta said the disinformation campaign was active on other social media platforms, including Twitter, YouTube, European social network VK, Russian social platform Odnoklassniki and the chat app Telegram.

A Twitter spokesperson said the company had removed more than a dozen accounts that participated in the campaign and blocked several links from being shared on Twitter. “The accounts and links originated in Russia and were attempting to disrupt the public conversation around the ongoing conflict in Ukraine,” the Twitter spokesperson said.

Meta said it had also detected a hacking operation that targeted military leaders and politicians in Ukraine, as well as at least one journalist. The effort, which Meta said was linked to the hacking group Ghostwriter, attempted to take over these high-profile accounts and then use them to spread disinformation.

Ghostwriter has targeted politicians in Eastern Europe for several years, often pushing narratives that oppose NATO and the United States. The hacking group was long thought to be affiliated with Russia. But in November, the threat intelligence firm Mandiant discovered that the group was linked to Belarus.

“Ghostwriter has previously targeted the NATO alliance, seeking to erode support for the organization,” Ben Read, a director at Mandiant, said in a statement. “I wouldn’t be surprised if similar operations were seen in the near future.”

A small number of high-profile individuals were targeted, and several Facebook accounts were compromised, Meta executives said. Some posts on those accounts attempted to portray the Ukrainian military surrendering, sharing videos of soldiers walking out of a forest waving a white flag. Facebook was able, in some cases, to block the hackers from posting.

“Historically, what we’ve seen from Ghostwriter is targeting of military, public figures, journalists and politicians across Europe,” said David Agranovich, a director of threat disruption at Meta. “Since the invasion, we’ve seen a pivot in Ghostwriter’s focus to people in Ukraine.”

Meta is among a number of Silicon Valley social media companies under pressure as Russian operatives attempt to spread digital propaganda campaigns across the internet in tandem with President Vladimir Putin’s siege of Ukraine.

Meta has focused on taking action against entities that violate the company’s policies regulating behavior on its platforms. Meta, YouTube and Twitter have also blocked Russian state media outlets from monetizing their pages on the platforms.

©2019 New York Times News Service