During times of war, fakes and misinformation are particularly prone to circulate on social media.
With the war in Ukraine in its second month and the local army doing what it can to ward off the Russian invasion, one of the battles is also being waged on Facebook.
As Meta (MVRS) revealed in its latest security report, a group of hackers with ties to the Belarusian government broke into the accounts of Ukrainian military personnel and posted videos calling on Ukrainian military members to surrender.
The hacking group, which security researchers have been calling "Ghostwriter," was able to make the videos look as if they were legitimate by gaining access to email addresses and posting from real Ukrainian accounts.
"We detected and disrupted recidivist CIB activity linked to the Belarusian KGB who suddenly began posting in Polish and English about Ukrainian troops surrendering without a fight and the nation's leaders fleeing the country on February 24, the day Russia began the war," Meta wrote in the report, adding that the group had previously posted about police violence in the U.S. and Poland's treatment of migrants in the Middle East.
A Brief History of Russia's War In Ukraine
While tensions between Russia and Ukraine have been escalating since the 2014 annexation of Crimea, the situation launched into full-blown war when Russian troops entered Ukraine under the guise of "denazification" and a "special military operation" on Feb. 24.
The attacks have resulted in non-stop shelling of dozens of cities and a humanitarian crisis of 10 million Ukrainians (a fourth of the country) who involuntarily became refugees in neighboring countries.
The Ukrainian army has been fighting back with support from the United States, Canada and dozens of other Western countries. Russian troops were not able to take the capital of Kyiv and retreated to other parts of Ukraine in the last week.
The Hackers Haven't Been Fully Stopped, Though
While Meta reports that it was able to block most of the videos before they had a chance to be seen by viewers, Ghostwriter had been continuously trying to hack into the accounts of "dozens of Ukrainian military personnel" in March and April.
"When it comes to persistent threat actors, we've seen a further spike in activity by Ghostwriter," Ben Nimmo, Meta's global threat intelligence lead for influence operations, told a group of reporters in a call.
Another hacking campaign has been targeting information criticizing war from Ukrainian and Russian accounts — as early as winter 2021, hackers were orchestrating large numbers of fake accounts to report any posts against the Russian government's actions in Ukraine as "hate speech" and "bullying."
While Meta reported removing such accounts from Facebook, stopping such behavior is a bit like playing whack-a-mole since new campaigns restart as soon as one is stopped.
So What Can Be Done About It?
A week after its invasion of Ukraine, Russia blocked access to Facebook and Twitter (TWTR) after the latter two blocked state-owned media from their platforms. That said, most Russians have still been accessing accounts through a VPN — and, presumably, vrarious groups of hackers are also continuing to plan and orchestrate attacks both from inside and outside Russia.
"The network coordinated to falsely report people in Ukraine and also in Russia for various violations, including hate speech, in an attempt to have them and their posts removed from Facebook," Meta said.