Meta disrupts covert influence operations by Belarus- and Russia-linked actors targeting Ukrainians, like hacking Ukrainian military staff's Facebook accounts
combining computer network exploitation with influence operations, CNE & active measures, in classic terminology (to be expected historically). Meta does an exceptionally good job at reflecting this development. https://twitter.com/... Thomas Rid / @ridt : Meta's 1st Quarter 2022 Adversarial Threat Report is a remarkable document https://about.fb.com/... Catalin Cimpanu / @campuscodi : There's also some weird enforcement against a network of 400 Facebook accounts in the Philippines who... took credit for a DDoS attack... wait, what? 🧐🧐🧐🧐 🧐🥸🥸🥸 🥸🥸 Some weird drama going on here... https://twitter.com/... Catalin Cimpanu / @campuscodi : However.... the most interesting part of this report is the part where Facebook said it found a network of accounts from Russia engaging in harassment by falsely reporting accounts for various violations. This is how Russian bot farms punish those who challenge their narrative. https://twitter.com/... Catalin Cimpanu / @campuscodi : Something interesting is the fact that Meta also disrupted both influence and hacking campaigns originating from Azerbaijan. Facebook attributed the attacks to the Azeri Ministry of Internal Affairs. Likened it to Belarus' Ghostwriter group. Unsophisticated but prolific. https://twitter.com/... Melanie Paradis / @melanie_paradis : More Russian thought scams! Tactics include: ⚠️posing as journalists & independent news outlets to push 🇷🇺 talking points ⚠️attempting to hack 🇺🇦 soldiers' Facebook accounts ⚠️running coordinated campaigns to get posts by critics of 🇷🇺 removed from social media #Ukraine https://twitter.com/... Andy Stone / @andymstone : The report outlines steps we've taken to address cyber espionage and influence operations related to the war in Ukraine, including attempts by networks we previously removed to return to the platform. This is something for which we've been on high alert. https://twitter.com/... Alberto Nardelli / @albertonardelli : “For example, we detected and disrupted recidivist CIB activity linked to the BelarusianKGB who suddenly began posting in Polish and English... Prior to that, this particular threat actor primarily focused on accusing Poland of mistreating migrants from the Middle East...” https://twitter.com/... Ben Nimmo / @benimmo : 🚨JUST OUT🚨 Quarterly threat report from @Meta's investigative teams. Much to dig into: State & non-state actors targeting Ukraine; Cyber espionage from Iran and Azerbaijan; Influence ops in Brazil and Costa Rica; Spammy activity in the Philippines... https://about.fb.com/... @corintxt : Fake surrender messages were also spread by hackers who compromised TV networks in Ukraine, per NYT reporting: https://www.nytimes.com/... https://twitter.com/... Nicole Sganga / @nicolesganga : NEW: Russian-backed hackers successfully broke into Facebook accounts of Ukrainian military officials. Plus, more on the latest targeting of Ukrainian telecom. And Sec. Mayorkas tells @CBSNews we've not seen retaliatory attacks from Russia. w/ @Bidar411 https://www.cbsnews.com/... Andy Stone / @andymstone : As part of our ever-expanding effort to share what we know about coordinated inauthentic behavior, we're now expanding our regular reporting to include cyber espionage, inauthentic behavior and other emerging harms in one place. https://twitter.com/... @jeffstone500 : Ghostwriter, a Belarusian disinfo operation, tried hacking Ukrainian soldiers' Facebook accounts to post videos encouraging Kyiv to surrender, Meta says. The same outfit previously has spread faked diplomatic letters and doctored tweets from US lawmakers. https://about.fb.com/... Kate Conger / @kateconger : Facebook says it detected and stopped several new misinformation campaigns in Ukraine, driven by state-backed groups from Russia and Belarus: https://www.nytimes.com/...
Meta helpfully lists some of the CIB-linked domains at the end of the report. Monitor-ua[dot]com is an interesting one. The domain has at least two GAN reporters will developed bios. Here's one (original on left, translation on right) https://twitter.com/...
Fascinating question, by the way, how large threat intel firms structure their teams and hiring practices to be able to optimize investigations of such integrated operational activity
Facebook also said it removed four networks for coordinated inauthentic behavior (influence operations) that were operating in Brazil, Costa Rica and El Salvador, Russia and Ukraine, and Russia. See page 13/PDF (too much to screenshot): https://about.fb.com/...
Really interesting. #Meta's (fka, #Facebook) 1st quarter Adversarial Threat Report. Very glad they're doing this, however I wish Facebook/Meta had been taking malign IB more seriously in all the years its platforms have been used to sabotage facts & truth https://about.fb.com/...…
As Facebook talks about, their interactive targeting and exploit protection make this groups one of the more advanced that I've seen. Kudos to the cyber espionage team at Meta for disrupting this threat!
Facebook announced disruptions against two Iranian aligned groups: #TA453 & #TA455. TA455 has never been reported on publicly and is super unique. We actually saw front companies used as pretexts for obtaining trials from software companies. https://about.fb.com/...
1/ We just released our Q1 Adversarial Threat Report. Highlights: 2 Iranian cyber-espionage ops, Azeri domestic op combining IO+cyber espionage, ops targeting Ukraine, prep for the Philippines elections, and new enforcements against other emerging harms🧵https://about.fb.com/ ...
There's a lot of interesting stuff here. An operation originating in Russia that did mass reporting of Ukrainians. Details on opportunistic spammers leveraging the conflict for 💰. GAN profile photos still seem popular. Cyber attacks + CIB. https://twitter.com/...
Remarkably aggressive Belarusian covert action in support of the Russian invasion of Ukraine, with KGB going as far as attempting to organize an actual rally against the Polish government in Warsaw under false pretenses https://twitter.com/...
For about a decade now, adversaries have run integrated operations—combining computer network exploitation with influence operations, CNE & active measures, in classic terminology (to be expected historically). Meta does an exceptionally good job at reflecting this development. h…
There's also some weird enforcement against a network of 400 Facebook accounts in the Philippines who... took credit for a DDoS attack... wait, what? 🧐🧐🧐🧐 🧐🥸🥸🥸 🥸🥸 Some weird drama going on here... https://twitter.com/...
However.... the most interesting part of this report is the part where Facebook said it found a network of accounts from Russia engaging in harassment by falsely reporting accounts for various violations. This is how Russian bot farms punish those who challenge their narrative. h…
Something interesting is the fact that Meta also disrupted both influence and hacking campaigns originating from Azerbaijan. Facebook attributed the attacks to the Azeri Ministry of Internal Affairs. Likened it to Belarus' Ghostwriter group. Unsophisticated but prolific. https://…
More Russian thought scams! Tactics include: ⚠️posing as journalists & independent news outlets to push 🇷🇺 talking points ⚠️attempting to hack 🇺🇦 soldiers' Facebook accounts ⚠️running coordinated campaigns to get posts by critics of 🇷🇺 removed from social media #Ukraine https://t…
The report outlines steps we've taken to address cyber espionage and influence operations related to the war in Ukraine, including attempts by networks we previously removed to return to the platform. This is something for which we've been on high alert. https://twitter.com/...
“For example, we detected and disrupted recidivist CIB activity linked to the Belarusian KGB who suddenly began posting in Polish and English... Prior to that, this particular threat actor primarily focused on accusing Poland of mistreating migrants from the Middle East...” https…
🚨JUST OUT🚨 Quarterly threat report from @Meta's investigative teams. Much to dig into: State & non-state actors targeting Ukraine; Cyber espionage from Iran and Azerbaijan; Influence ops in Brazil and Costa Rica; Spammy activity in the Philippines... https://about.fb.com/...
Fake surrender messages were also spread by hackers who compromised TV networks in Ukraine, per NYT reporting: https://www.nytimes.com/... https://twitter.com/...
NEW: Russian-backed hackers successfully broke into Facebook accounts of Ukrainian military officials. Plus, more on the latest targeting of Ukrainian telecom. And Sec. Mayorkas tells @CBSNews we've not seen retaliatory attacks from Russia. w/ @Bidar411 https://www.cbsnews.com/..…
As part of our ever-expanding effort to share what we know about coordinated inauthentic behavior, we're now expanding our regular reporting to include cyber espionage, inauthentic behavior and other emerging harms in one place. https://twitter.com/...
Ghostwriter, a Belarusian disinfo operation, tried hacking Ukrainian soldiers' Facebook accounts to post videos encouraging Kyiv to surrender, Meta says. The same outfit previously has spread faked diplomatic letters and doctored tweets from US lawmakers. https://about.fb.com/...
Facebook says it detected and stopped several new misinformation campaigns in Ukraine, driven by state-backed groups from Russia and Belarus: https://www.nytimes.com/...