Meta Platforms is applying several specific security updates to its apps, such as Facebook and Instagram, in response to current violations of Meta’s “coordinated inauthentic behavior” (CIB) policy stemming from the current crisis in Europe. In addition, a threat actor known as “Ghostwriter,” tracked since at least 2017, has now been confirmed to be involved in the “targeting of people in Ukraine, including Ukrainian military and public figures,” Meta said. Meta is continuing to roll out privacy and security measures that will help “people in Ukraine and Russia” secure their accounts.
Network Violating CIB Policy Taken Down
In the last 48 hours, Meta has taken down a network of 40 accounts orchestrated by Russian and Ukrainian groups for violating its CIB policy. This included “Pages and Groups on Facebook and Instagram.” The groups ran websites that posed as independent news entities, and “created fake personas across social media platforms” targeting people in Ukraine. The operation, which was “publishing claims about the West betraying Ukraine and Ukraine being a failed state,” used artificial intelligence techniques, namely Generative Adversarial Networks (GANs), to generate fictitious personas. The groups claimed to be based in Kiev (Kyiv) and posed as aviation engineers and legitimate scientific authors “to appear more authentic in an apparent attempt to withstand scrutiny by platforms and researchers.” Fake personas were created across platforms like Facebook, Instagram, Twitter, YouTube, Telegram, and the Russian networks Odnoklassniki and VK, the latter two being the most popular social media networks in Russia.
The Ghostwriter
Among the coordinated social media schemes targeting Ukraine during this period, a threat actor known as Ghostwriter, targeting “people in Ukraine, including Ukrainian military and public figures,” was identified. Ghostwriter has planted fraudulent information concerning COVID-19 and NATO in the past. This threat actor, linked to Belarus, is known to use email compromise as an attack vector, thereby gaining access to social media accounts and posting disinformation. Meta detected instances of users being targeted on Facebook with strategic misinformation schemes. Such schemes include the targeting of users on Facebook to post YouTube videos falsely depicting the surrender of Ukrainian troops. This included a video showing soldiers waving a “white flag of surrender.” Meta has taken steps to secure accounts believed to be compromised by Ghostwriter and is alerting victims where possible. “We also blocked phishing domains these hackers used to try to trick people in Ukraine into compromising their online accounts,” said Meta.
Meta’s Investigation is Ongoing
The investigation into the fraudulent schemes “in the midst of this invasion” is ongoing, Meta said. Meta correlated this behavior with another operation that was shut down in April 2020, which was then connected to individuals in Russia, the Donbas region in Ukraine, and two Crimean media organizations known as NewsFront and SouthFront that are sanctioned by the U.S. Meta is in contact with the government of Ukraine, which has enlisted Meta’s help to restrict several local accounts “including those belonging to some Russian state media organizations.” “We are also reviewing other government requests to restrict Russian state controlled media.” “Our thoughts are with everyone affected by the war in Ukraine,” wrote Meta.
Meta’s Security Recommendations
Meta’s security recommendations come as the volume of “public reports of targeting of civil society and protesters” has skyrocketed. Social media users in Russia and Ukraine should:
- Use caution when accepting friend requests from unknown users
- Stay cautious about requests to open links and files
- Use two-factor authentication on all accounts
- “Lock” their profile to stop unauthorized account activity
- Check their Instagram settings and heed new security notifications such as switching the account to “private”
- Use strong passwords and two-factor authentication across all Meta Platforms services including Messenger and WhatsApp
A new special operations center that will monitor services “around the clock, allowing us to respond to issues in real time” has been established.