Russian-backed hackers spreading disinformation on Facebook

Ines Kagubare
·2 min read

A new Facebook report found that government-affiliated hackers from Russia and Belarus attempted to use the social media platform for cyber espionage and disinformation campaigns targeting Ukrainians.

The report, released on Thursday, said the hackers targeted the Ukrainian telecom industry, defense and energy sectors, tech platforms, journalists, and activists.

Facebook said it disrupted a disinformation campaign linked to the Belarusian KGB, which posted that Ukrainian troops were surrendering, and that nation’s leaders were fleeing the country the day Russia invaded. The tech company said it disabled the account and stopped the campaign that same day.

The report also found that Ghostwriter, a hacking group affiliated with Belarus, attempted to hack into the Facebook accounts of dozens of Ukrainian military personnel.

“In a handful of cases, they posted videos calling on the Army to surrender as if these posts were coming from the legitimate account owners. We blocked these videos from being shared,” the report said.

Ghostwriter hackers target people through phishing emails and use that to gain access to their social media accounts across the internet, the tech company said in the report.

“Threat actors will always try: it’s their job. But having a skilled community out there which is able to detect deception and influence ops fast makes for a much less conducive environment,” said Ben Nimmo, Facebook’s global threat intelligence lead for influence operations, in a tweet.

The Facebook findings follow a Google report released last week which found that Russian-backed hackers attempted to penetrate the networks of NATO, U.S.-based nongovernmental organizations and the militaries of several Eastern European countries, including a Ukraine-based defense contractor.

Google said the hackers, known as Calisto or Coldriver, launched phishing campaigns “using newly created Gmail accounts to non-Google accounts” which made “the success rate of the campaigns unknown.” The tech giant added that it has “not observed any Gmail accounts successfully compromised during these campaigns.”

The Washington Post recently reported that the Russian military spy service, the GRU, was behind a hack that compromised the Ukrainian military’s communications at the beginning of the invasion.

An official from the communications company Viasat told the Post that satellite modems were hacked in February when the invasion began. The Viasat official said that new modems will be provided to those affected by the hack.

Last week, Secretary of State Anthony Blinken announced additional sanctions on Russia’s tech companies and cyber actors following malicious cyber activities. Blinken said that the U.S. will hold President Putin’s cyber actors accountable for their “disruptive, destructive and destabilizing cyber activities.”

For the latest news, weather, sports, and streaming video, head to The Hill.