Groups associated with the Russian and Belarusian governments are employing a bevy of shady cyber tactics to target Ukrainians on Facebook, according to a new report from the social network’s parent company Meta. The company notes that in just the past few days, it’s seen an uptick in attacks targeting public figures, military members, and average civilians as Russian forces lay siege to their country.
These schemes ranged from bad actors trying to hack the Facebook pages of Ukrainian officials to creating a network of fake accounts posing as journalists, editors and outlets. The sham journalists all pushed talking points about Ukraine being a “failed state.” That network, according to the report, was made up of roughly 40 fake accounts running Facebook Pages and Groups across Facebook and Instagram. The impersonators also maintained a side presence on other platforms like YouTube and Twitter so the imposters could “appear more authentic” and not like such obvious fakes.
Well, eventually the accounts were found out—but as Facebook Security Policy lead Nathaniel Gleicher said on a call with reporters about the findings, “We know that determined adversaries like this will keep trying to come back.” During the ongoing investigation into this phony ring of reporters, the company says it found links between these accounts and another cadre of faux news pages that were taken down back in April, 2020.
Meta also noted attempted account takeovers by a hacking group called “Ghostwriter,” which has been on the cybersecurity community’s radar since the summer of 2020, when it was caught hijacking prominent accounts in Lithuania, Latvia and Poland to promote anti-NATO propaganda. In this case, Meta says the group was targeting Ukrainian Facebook accounts in an attempt to promote YouTube clips “portraying Ukrainian troops as weak and surrendering to Russia.”
Aside from the fake journos and fake YouTube videos, Meta also says it caught a network of roughly 200 accounts—all operated from Russia—that were filing false reports against posts from Ukrainian users, accusing them of hate speech, bullying, and more, all in an attempt to get those posts pulled from the platform as Russia’s invasion approached.
“The people behind this activity relied on fake, authentic, and duplicate accounts to submit hundreds—in some cases, thousands—of complaints against their targets through our abuse reporting tools,” the report reads. “Many of this network’s accounts were detected and disabled by our automated systems. Their coordinated reporting increased in mid-February, just before the invasion of Ukraine.”
It’s unlikely that this onslaught of spammy, scammy tactics is going to stop anytime soon, which is why Meta recommends that users in Ukraine and Russia “use caution when accepting friend requests and opening links and files from people they don’t know,” and why Gizmodo recommends reading our own detailed guide to not getting hacked. And please, for the love of god, use two-factor authentication.