Facebook’s parent company Meta on Thursday said Russian state actors and others are relentlessly trying to use the social network against the Ukraine with deception, hacking and coordinated bullying campaigns.
Social media networks have become one of the fronts in Russia’s invasion of Ukraine, home to sometimes misleading information but also real-time monitoring of one of the biggest geopolitical crises in decades.
“Since the start of the Russian invasion of Ukraine, our teams have been on high alert to detect and disrupt threats and platform abuse, including attempts to come back by networks we removed before,” Meta said in its latest threat report.
A spike in activity aimed at Ukraine shortly before it was invaded by Russia in February has become an entrenched battle, according to Meta influence operations threat intelligence team leader Ben Nimmo.
[ Read: Threat of Local Cyber Operations Escalating Into Global Cyberwar ]
Tactics have included using bogus accounts to spread false stories such as Ukrainian troops surrendering or call for a street protest in Warsaw against the Polish government.
Meta said it disrupted a network of about 200 Facebook accounts in Russia that were working together to falsely accuse people of violating the social network’s policies to get posts about Ukraine removed.
Those involved tried to disguise their collaboration as a cooking-themed group, according to the social network.
“The majority of these fictitious reports focused on people in Ukraine and Russia,” Meta said in the report.
“The people behind this activity relied on fake, authentic, and duplicate accounts to submit hundreds – in some cases, thousands – of complaints against their targets.”
Such coordinated bullying campaigns are referred to as “mobbing.”
– Ghostwriter –
Meanwhile, government-linked “actors” from Russia and its ally Belarus have engaged in cyber espionage and covert influence operations online, according to Meta.
That malicious activity took aim at the Ukrainian telecom and defense sectors along with tech platforms, journalists and activists, the report indicated.
Meta executives said they have seen a “further spike” in attacks by a Russia-linked hacker-group known as Ghostwriter.
Ghostwriter’s typical tactic is to target victims with “phishing” emails that trick them into clicking on deceptive links in an effort to steal log-in credentials.
The goal appeared to be to spread links to misinformation.
“Since our last public update, this group has attempted to hack into the Facebook accounts of dozens of Ukrainian military personnel,” Meta said in the report.
“In a handful of cases, they posted videos calling on the Army to surrender as if these posts were coming from the legitimate account owners.”
Meta blocked those videos from being shared, according to head of security policy Nathaniel Gleicher.
– Further action? –
“These threat actors are not going to give up,” Gleicher said on a telephone briefing.
“They are increasingly blending their techniques.”
Facebook has restricted Russian state media’s ability to earn money on the social media platform and has refused to stop using fact-checkers and content warning labels on state media posts.
“We are actively reviewing additional action we should take, particularly in the context of misinformation from government pages,” Gleicher said.
Meta, whose family of apps includes Instagram, has blocked the accounts of the Russian state-run media RT and Sputnik in the European Union.
Moscow responded by blocking Facebook and Instagram.
Related: Russia, Ukraine and the Danger of a Global Cyberwar
Related: Russia vs Ukraine – The War in Cyberspace
Related: Talking Global Cyberwar With Kaspersky Lab’s Anton Shingarev
