Facebook-owner Meta says Ukraine's military, politicians targeted in hacking campaign

Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes and the Ukrainian flag, in this illustration taken February 15, 2022. REUTERS/Dado Ruvic/Illustration/Files

(Reuters) -Meta Platforms said a hacking group used Facebook to target public figures in Ukraine, including prominent military officials, politicians and a journalist, as the social media company announced steps against covert influence and hacking amid Russia's ongoing invasion of its neighbor.

Meta said in the last 48 hours it had separately removed a network of about 40 fake accounts, groups and pages across Facebook and Instagram that operated from Russia and Ukraine targeting people in Ukraine, for violating its rules against coordinated inauthentic behavior.

A Twitter spokesperson said the company had also suspended more than a dozen accounts and blocked the sharing of several links for violating its rules against platform manipulation and spam. It said its ongoing investigation indicated the accounts originated in Russia and sought to disrupt the public conversation around the conflict in Ukraine.

A spokesperson for Alphabet Inc's YouTube said it had terminated several YouTube channels, which had fewer than 90 subscribers in total, as part of its investigation into coordinated influence operations linked to Russia.

In a blog post on Monday, Meta attributed the hacking efforts to a group known as Ghostwriter, which it said successfully gained access to the targets' social media accounts. Meta said the hackers attempted to post YouTube videos from the accounts portraying Ukrainian troops as weakened, including one video which claimed to show Ukrainian soldiers coming out of a forest and flying a white flag of surrender.

Ukrainian cybersecurity officials said on Friday that hackers from neighboring Belarus were targeting the private email addresses of Ukrainian military personnel "and related individuals," blaming a group code-named UNC1151. The U.S. cybersecurity firm FireEye has previously connected the group with Ghostwriter activities.

Meta's security team said it had taken steps to secure targeted accounts and had blocked the hackers' phishing domains. It declined to give the targets' names but said it had alerted users where possible.


Meta said the separate influence campaign, which used a number of fictitious personas, claimed to be based in Kyiv and ran a small number of websites masquerading as independent news outlets. These outlets published claims about the West betraying Ukraine and Ukraine being a failed state.

The company said it had found links between this influence network and an operation it removed in April 2020, which it had connected to individuals in Russia, the Donbass region in Ukraine and two media outlets based in Crimea: NewsFront and SouthFront, now sanctioned by the U.S. government.

SouthFront said it had been banned by Facebook at least four times before, that its team is not in Crimea and that its coverage aims to be objective.

NewsFront did not respond to a request for comment.

In a news briefing, Meta declined to specific numbers give but said the influence campaign's content had seen a "very low level" of shares, posts or reactions. It said the campaign had fewer than 4,000 Facebook accounts following one or more of its pages and fewer than 500 accounts following its Instagram accounts. It did not say how long the campaigns had been active on its platforms.

Meta said the campaign had also used Twitter, YouTube, Telegram and Russian social media sites Odnoklassniki and VK. Telegram and VK, which also owns Odnoklassniki, did not respond to requests for comment.

The crisis in Ukraine has seen escalating clashes between Moscow and major tech companies. On Friday, Russia said it would partially restrict access to Facebook, a move Meta said came after it refused a government request to stop the independent fact-checking of several Russian state media outlets. On Saturday, Twitter also said its service was being restricted for some Russian users.

Ukraine has been buffeted by digital intrusions and denial-of-service actions both in the run-up to and during the Russian invasion, which Moscow calls a "special operation". Several big tech companies have announced measures to bolster the security and privacy of their users in the country.

Meta, which has in recent days made changes, such as disabling searches and viewing of the friends lists of Facebook accounts in Ukraine, said on Monday it was also making this change in Russia in response to public reports of civil society and protesters being targeted.

(Reporting by Elizabeth Culliford in New York; Additional reporting by Christopher Bing in Washington, D.C. and Paresh Dave in Oakland, California; Editing by Kenneth Li, Jonathan Oatis and Tomasz Janowski)

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!


Next In Tech News

India plans federal oversight of all real-money online games-sources, document
Could EV charging stations become targets?
Opinion: Musk's Twitter won't die. Look at Telegram
Amazon to restart advertising on Twitter - Platfomer reporter
Search for answers in US triple killing to focus on murky world of online predators
Opinion: San Francisco's self-cleaning public toilets make me scared for the future
Review: 'Gotham Knights' has some bright spots, but doesn’t carry torch to 'Arkham' video game legacy
Musk says 'possible' that Twitter gave preference to leftists during Brazil election
Crypto broker Genesis owes Gemini's customers $900 million, Financial Times reports
The first SMS was sent 30 years ago. When will the last one be?

Others Also Read