Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Pro-Russian Hackers Spread Hoaxes to Divide Ukraine, Allies

As Ukrainians flooded into Poland earlier this year to flee Russian invaders, a hacking group aligned with the Kremlin sought to spread rumors that criminal gangs were waiting to harvest the organs of child refugees.

As Ukrainians flooded into Poland earlier this year to flee Russian invaders, a hacking group aligned with the Kremlin sought to spread rumors that criminal gangs were waiting to harvest the organs of child refugees.

The network, known to cybersecurity experts as Ghostwriter, seemingly aimed to sow distrust between Ukraine and Poland. It’s one of several tactics outlined in a new report that outlines how Russia has used disinformation, fear and propaganda alongside bullets, tanks and soldiers in an effort to demoralize Ukraine and divide its allies.

The unfounded claim made its way into Russian-state media and online platforms popular with far-right groups in the U.S., where posts spreading the hoax have been shared many thousands of times on sites like Telegram and Twitter. The disinformation operation exploited legitimate concerns that Ukrainian refugees could be kidnapped by human traffickers, but no evidence of organ harvesting has surfaced.

“Ghostwriter operations will often piggyback on news stories or recent events,” said Alden Wahlstrom, a senior analyst at Mandiant, the cyber security firm that published the report Thursday. “There are certain motives that are consistent: Undercutting trust in NATO. Creating tensions.”

The report detailed several other Russian-aligned disinformation and propaganda campaigns, including bogus online claims that Ukrainian President Vladimir Zelenskyy had committed suicide or fled Ukraine. In some cases, the campaigns relied on Russian state media or fake social media accounts to disseminate the disinformation. Mandiant also identified cases in which groups linked to Russian intelligence disguised their disinformation as independent journalism. Russian diplomats have also emerged as a key vector for disinformation.

In one instance in March, groups linked to Russia spread claims online that Zelenskyy had surrendered on the same day he was preparing to address the U.S. Congress.

“Influence efforts and propaganda are used to shape public opinion, to impact the morale of participants in a conflict,” said Renee DiResta, research manager at the Stanford Internet Observatory and an expert on disinformation and social media. DiResta said Russia relies on this sophisticated network to “wage narrative warfare around the globe.”

Ghostwriter has been linked to Belarus, a key Russian ally. The network was also blamed for attempting to hack into the social media accounts of dozens of Ukrainian officers earlier this year. That operation was revealed by Meta, the parent company of Facebook, who said the hackers were foiled before they could use the officers’ accounts to post videos of surrendering Ukrainian soldiers.

Advertisement. Scroll to continue reading.

The organ harvesting hoax was further amplified by Russian state media and ultimately seeped into English-language websites and platforms. It can now be found on major platforms including Twitter and Telegram, where Russian forces are portrayed as the saviors of trafficking victims.

“The pro-Russian government… foiled a massive kidnapping plot organized by organ traffickers,” reads one example on Twitter. “US Government is complicit,” reads another post, from a user in Texas.

Mandiant’s report also highlighted pro-Chinese and Iranian disinformation networks that sought to leverage the war in Ukraine for their own ends.

The pro-Chinese network amplified a discredited Russian claim that the U.S. was running secret bioweapon research in Ukraine. That claim is similar to ones spread by Chinese officials who sought to blame the U.S. for the COVID-19 pandemic.

The Iranian network, by contrast, seemingly sought to create tensions between Russians and Israel by spreading claims that Israel had taken Ukraine’s side in the conflict.

In both cases, researchers at Mandiant stopped short of attributing the work to government agencies in either Iran or China, noting the difficulty in proving such linkages. Nonetheless, Wahlstrom said, they are using online disinformation to further Iran and China’s objectives, and using Russia’s invasion to do it.

“They’re parroting official Russian narratives,” Wahlstrom told The AP. “They’ve also given it their own twist.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...