Meta Says Hacking Group Sent Bogus Ukrainian Surrender Messages

According to a recent security investigation by Meta, a Belarus-aligned hacking group attempted to get access to Ukrainian military personnel’s Facebook accounts and broadcast videos calling for the Ukrainian army to surrender using hijacked accounts.

The hacking attack, dubbed “Ghostwriter” by security researchers, was carried out by a group known as UNC1151, which according to Mandiant investigation has been tied to the Belarusian government.

The Ghostwriter operation was first identified in a Meta security update in February, but since then, the business has alleged that the gang has attempted to breach “dozens” more accounts, but only in a few cases.

The Ghostwriter hackers were able to publish films that looked to emanate from the hijacked accounts when they were successful, but Meta stated it had banned these movies from being spread further.

Hackers who hacked Ukrainian television networks and placed bogus claims of a Ukrainian surrender in the live broadcast news have previously used this approach to distribute fake surrender signals. Though such claims may easily be refuted, analysts believe their intent is to destroy Ukrainians’ faith in the media in general.

The first part of Meta’s quarterly Adversarial Threat Report, which draws on a previous report from December 2021 that described threats experienced during that year, revealed the latest Ghostwriter attacks.

While Meta has previously issued regular updates on the platform’s organized inauthentic conduct, the new threat report’s coverage is broader and includes espionage activities as well as other emerging concerns such as mass content reporting efforts.

Apart from the hacking of military personnel, the present study includes a number of other pro-Russian threats, such as covert influence operations against a variety of Ukrainian targets.

According to Meta, a group associated with the Belarusian KGB attempted to coordinate a demonstration against the Polish government in Warsaw, but both the event and the account that organized it were quickly taken down.

Although international influence operations such as these are among the report’s most striking aspects, Meta claims that authoritarian countries have increased their domestic influence tactics against their own populations. Nick Clegg, Facebook’s president of global affairs, said in a conference call with reporters on Wednesday that attacks on internet freedom have increased dramatically.

While foreign intervention has gotten a lot of press in recent times, local concerns are on the rise throughout the world, according to Clegg.

“In the first three months of this year, more than half of the operations we disrupted targeted people in their home countries, including by accessing people’s accounts, running misleading campaigns, and fraudulently reporting material to Facebook to stifle opponents, just as they did in 2021.”

According to Clegg, authoritarian governments strive to restrict information access in two ways: first, by spreading propaganda via state-run media and influence efforts, and second, by attempting to block off the flow of legitimate alternative sources of information.

According to Meta’s analysis, Facebook eliminated a network of about 200 Russian-operated identities that coordinated reporting of other users for bogus infractions such as hate speech, bullying, and inauthenticity in an attempt to get them and their content removed from the site.

The study’s findings underscored “why we need to defend the open internet, not only against authoritarian governments but also against fragmentation due to a lack of clear laws,” according to Clegg, echoing a point made by Meta in its lobbying efforts.