A hacking group allied with Belarus has tried to compromise the Facebook accounts of Ukrainian military personnel and published videos of hacked accounts calling on the Ukrainian army to surrender, according to a new security report by Meta (Facebook’s parent company).
Previously dubbed a “ghostwriter” by security researchers, the hacking campaign was carried out by a Group known as UNC1151, which has been linked to the Belarusian government in investigations conducted by Mandiant. A February security update von Meta reported ghostwriting operation activity, but since this update, the company said the group has attempted to compromise “dozens” more accounts, although it has only been successful in a handful of cases.
Where this was successful, the hackers behind ghostwriters were able to post videos that appeared to be from the compromised accounts, but Meta said it stopped those videos from being shared further.
Spreading fake surrender news has already been a tactic used by hackers who have compromised TV stations in Ukraine planted false reports of a Ukrainian surrender into the cyclones of live news. Although such statements can be quickly refuted, experts have suggested that their purpose is to undermine Ukrainians’ trust in the media at large.
The details of the latest ghostwriting hacks were published in the first issue of Meta’s quarterly Adversarial Threat Report, a new offering from the company that builds on a similar one December 2021 report that detailed threats were exposed this year. Meta has previously published regular reports about it coordinated inauthentic behavior On the platform, the scope of the new threat report is broader and includes espionage operations and other emerging threats such as bulk content reporting campaigns.
In addition to the hacks against military personnel, the latest report details a range of other actions carried out by pro-Russian threat actors, including covert lobbying campaigns against a variety of Ukrainian targets. In one case from the report, Meta claims that a group linked to the Belarusian KGB tried to organize a protest event against the Polish government in Warsaw, although the event and the account that created it are quickly going offline were taken.
Although foreign influence operations like this make up some of the report’s most dramatic details, Meta says there has also been a surge in influence campaigns waged by repressive domestic governments against their own citizens. In a conference call with reporters on Wednesday, Facebook’s President of Global Affairs Nick Clegg said attacks on internet freedom had escalated.
“While much of the public attention in recent years has focused on foreign interference, domestic threats are on the rise around the world,” Clegg said. “Just like in 2021, more than half of the operations we disrupted in the first three months of this year were directed against people in their own countries, including by hacking people’s accounts, running fraudulent campaigns and that falsely reporting content to Facebook to silence critics.”
Authoritarian regimes generally attempted to control access to information in two ways, Clegg said: first, by spreading propaganda through state media and influencer campaigns, and second, by attempting to shut down the flow of credible alternative sources of information.
According to Meta’s report, the latter approach was also used to limit information about the Ukraine conflict, with the company removing a network of around 200 Russian-run accounts involved in coordinated reporting of other users for fictitious violations, including hate speech, bullying , and inauthenticity to have them and their posts removed from Facebook.
Reproducing an argument from Meta lobbyingClegg said the threats outlined in the report showed “why we need to protect the open internet, not only from authoritarian regimes, but also from fragmentation through the lack of clear rules.”
https://www.theverge.com/2022/4/7/23013983/fake-ukrainian-surrender-messages-meta-threat-report Hacking group posted fake Ukrainian surrender messages, Meta says in new report