Belarus-linked hackers targeted Ukrainian military Facebook accounts, posted surrender videos: Meta

Belarus-linked hackers attempted to break into dozens of Ukrainian military personnel’s Facebook accounts and post videos encouraging surrender amid Russia’s invasion, according to Meta on Thursday. 

Meta published a threat report saying it stopped the handful of accounts from sharing the videos but it observed other state-sponsored cyber campaigns on its platforms linked to Belarus and Russia. 

“Government-linked actors from Russia and Belarus engaged in cyber espionage and covert influence operations online,” the report said. “This activity included interest in the Ukrainian telecom industry; both global and Ukrainian defense and energy sectors; tech platforms; and journalists and activists in Ukraine, Russia, and abroad. These operations appear to have intensified shortly before the Russian invasion.”

Meta attributed the attempts to Ghostwriter, which cybersecurity firm Mandiant has linked to Belarus and said Russia may be a contributor to its operations. 

Others aligned with Russia but not linked to any government also abused Facebook’s platform, per the threat report. Malicious accounts that falsely reported people for violating Facebook’s rules coordinated their behavior in a cooking-themed group on Facebook.

Meta said it removed a network of approximately 200 accounts in Russia that sought to silence people in Ukraine, Russia, Israel, the United States and Poland via claims that the people broke Facebook’s rules involving things such as hate speech and bullying.

The hackers and hooligans weaponizing Facebook were not limited to Russia. Meta said it also took action against hackers from Iran targeting U.S. politicians; Iran-focused academics, activists and journalists; and people in the Middle East, including the Saudi military. Meta said it has tracked the Iranian hackers for years but they have hidden their identity. 

Another Iranian hacking group Meta discovered sought to spoof or target many companies around the world, including those in the semiconductor and maritime logistics industries in the U.S. Meta said this hacking group was previously unreported and it, too, cloaked its identity.