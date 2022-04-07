PARIS, FRANCE - OCTOBER 28: In this photo illustration, the Facebook logo is displayed on the screen of an iPhone in front of a Meta logo on October 28, 2021 in Paris, France. This October 28, during the Facebook Connect virtual conference, Mark Zuckerberg announced the name change of Facebook, believing that the term Facebook was too closely linked to that of the platform of the same name, launched in 2004. It is now official, the Facebook company changes its name and becomes Meta. (Photo illustration by Chesnot/Getty Images)

A group of cybercriminals tried to breach the Facebook accounts of Ukrainian military personnel and posted videos calling on the Ukrainian army to surrender, according to reports Meta, parent company of Facebook.

This campaign was carried out by a group known as UNC1151, which has been linked to the government of Belarus, according to the research carried out.

A February security update from Meta identified the activity of this group dubbed as a “ghostwriter” or ghostwriter. Since then, the group tried to compromise “dozens” of other accounts, although it had only been successful in a few cases.

These attackers especially use phishing to encourage their victims to click on links that lead to malicious sites to steal their passwords.

Cybercriminals were able to post videos with fake messages, which appeared to come from the affected accounts, but Meta said it had blocked those contents from being shared anymore.

“These dangerous actors are not going to give up,” Nathaniel Gleicher, Facebook's head of security policy, told a press conference. “And they increasingly tend to combine different approaches,” he added.

In addition to the aforementioned attacks, the company's report also details a variety of other actions carried out by pro-Russian actors. Meta even claimed that a group tried to organize a protest event against the Polish government in Warsaw, although the event and the account that created it were quickly disconnected.

The platform must not only deal with the classic disinformation campaigns by networks through fake accounts, but also with other tactics such as mobbing or persecution.

Gente espera para ser evacuada desde el pueblo de Derhachi, fuertemente bombardeado, en las afueras de Járkov, en medio de la ofensiva de Rusia, en Ucrania. 6 de abril, 2022. REUTERS/Thomas Peter REUTERS

200 accounts were deleted in Russia

Meta eliminated a network of 200 accounts in Russia for making massive false reports mainly against Ukrainian and Russian individuals.

The network operated with fake, duplicate and authentic accounts, whose behavior was detected by the platform's automatic systems. The company indicates in its report that mass reporting efforts increased in mid-February, just before the invasion of Ukraine.

In terms of fake behavior that is being distributed in a coordinated manner, the company removed a relatively “small” network that used fake accounts (27 Facebook and four Instagram accounts, although it also had a presence on other platforms) to attack users in Ukraine, where it operated alongside Russia.

Meta links this network to another one eliminated two years ago that operated from Russia, the Ukrainian region of Donbas and Crimea.

The technology company also updated its shares in Ukraine. In this regard, he highlighted that there were attempts to return to the platform by state and non-state actors previously removed from it, in addition to spam networks that use deceptive tactics to monetize public attention on the ongoing war.

Cyberespionage

In turn, Meta detected two cyber espionage campaigns in Iran, one of them targeting key industries and infrastructures in industries such as energy, telecommunications, maritime logistics or information technology; and in Azerbaijan, against civil society and operated by the Ministry of the Interior.

In South America, the company interrupted operations of coordinated inauthentic behavior in Brazil, Costa Rica and El Salvador.

On the other hand, in the Philippines, it removed a network responsible for shutting down websites and damaging them, as well as tens of thousands of accounts, pages and groups around the world for deploying a spam campaign to monetize people's attention to the upcoming elections in the country.

