Russian-backed hackers broke into the Facebook accounts of Ukrainian military officials

A group of hackers with ties to the Belarusian government broke into the Facebook accounts of Ukrainian military officials and posted videos calling on the Ukrainian military to surrender. According to Facebook’s parent company, Meta, the messages appeared to come from the accounts’ legitimate owners.

The hacker group, known in the security industry as Ghostwriter, usually targets victims by compromising their email addresses and using them to access social media accounts.

“With respect to persistent threat actors, we have seen a further increase in Ghostwriter activity,” Ben Nimmo, Meta’s global threat intelligence manager for influence operations, said in a call with journalists. He added that since February, “they have been trying to hack the Facebook accounts of dozens of Ukrainian servicemen.”

Meta’s head of security policy, Nathaniel Gleicher, said videos posted to Ukrainian military officials’ accounts weren’t seen by users and were removed by the platform before they could be shared with others.

Meta also took down a network of 200 accounts operating from Russia that were falsely filing hundreds – and in some cases thousands – of reports against users, mostly in Ukraine and Russia, for various policy violations. The mass reporting was an attempt to silence critics and Ukrainians, Meta said.

The operation peaked in mid-February, just before Russia invaded Ukraine. Actors have used a variety of fake, genuine and duplicate accounts to falsely report users for hate speech and bullying violations. Meta said that in an attempt to evade detection, the threat actors coordinated their mass reporting activity in a cooking-themed Facebook group that had about 50 members when it was discovered.

“Since Russia’s invasion of Ukraine we have seen attacks on internet freedom and access to information escalate sharply,” said Nick Clegg, president of global affairs at Meta. He said these attacks manifest themselves through Russian state propaganda, media influence operations, espionage campaigns and attempts to shut down the flow of credible information.

Meta said threat actors with ties to Russia and Belarus who engage in cyber espionage and covert influence operations have an interest in Ukraine’s telecommunications industry, defense and security sectors, energy, technology platforms and journalists.

But Ukrainian officials believe Russia is behind the disinformation efforts, timed to coincide with conventional warfare. “Cyber warfare is a component of conventional warfare, provided by Russia against Ukraine,” Ukraine’s top cybersecurity official Victor Zhora said during a briefing with reporters on Tuesday.

A Belarusian KGB-linked group, which Meta had previously taken down in November, returned with a new operation a day before the Russian invasion began. Meta said the group had “suddenly” started posting in Polish and English about the surrender of Ukrainian troops and the surrender of leaders without a fight.

On March 14, the group created an event in Warsaw calling for a protest against the Polish government, Meta claimed. The event remained on the platform for “a few hours at most” and was removed with the account behind it, Nimmo said.

The new insights into threat actors with ties to Russia targeting Ukrainian officials and public figures on Facebook are part of the company’s new quarterly Adversarial Threat Report. It builds on the existing quarterly Community Standards Report and the monthly Coordinated Inauthentic Behavior Report.

The disinformation campaign by Russian-aligned actors targeting Ukrainians on social media and online comes alongside other cyberattacks targeting Ukrainian government agencies, media groups and telecommunications.

The Security Service of Ukraine announced Thursday that it had uncovered another text message campaign sending 5,000 SMS messages to Ukrainian military and law enforcement agencies demanding that they defect and surrender to Russian forces.

“The outcome of events is predetermined!” the messages said, according to Ukrainian officials. “Be careful and refuse to support nationalism and the leaders of the country who have discredited themselves and already fled the capital!!!”

Between March 23 and 29, Ukraine’s critical infrastructure recorded 65 cyberattacks – five times more than the previous week – according to a report by Ukraine’s State Service for Special Communications and Information Protection (SSSCIP).

The agency said the main targets included national and local authorities, the security and defense sector, financial companies, satellite telecommunications and the energy sector.

“We don’t see any serious and complicated attacks on critical infrastructure that can be successful so far,” said Zhora, deputy head of Ukraine’s SSSCIP. “We are registering attempts, but I hope we can counter them effectively and ensure the security of our IT systems.”

But the hackers launched a “sophisticated and massive” attack on the infrastructure of one of Ukraine’s biggest providers, Ukrtelecom, on March 28, Kirill Goncharuk, the company’s chief information officer, told reporters on Tuesday.

The attack on Ukrtelecom was launched from inside Russian-occupied Ukrainian territory, although Goncharuk did not reveal the precise location, citing security concerns.

Goncharuk said the hackers used an employee’s compromised account to gain entry. The employee is currently safe, but the CIO declined to say whether the individual was physically coerced into giving access.

Network traffic dropped to 13% of the normal network operating regime but, according to SSSCIP, Ukrtelecom security experts detected the attack within 15 minutes of its launch and restored 85% of service in 24 hours.

During the attack, intruders attempted to disable company servers and take control of Ukrtelecom’s network by attempting to change passwords for employee accounts as well as passwords for equipment and firewalls, according to Goncharuk.

Investigators say it appears the attackers did not access customer data. Officials have yet to attribute the attack. The investigation – in coordination with Microsoft and Cisco – is ongoing.

“The majority of [cyber] attacks hitting Ukrainian infrastructure right now have Russian origins,” Zhora told reporters. “And it doesn’t matter if the FSB or the GRU are behind it. Different APT groups can sit on the same floor in the same buildings.”

The hack follows an attack on US telecommunications company Viasat on February 24 that targeted terminals in Ukraine but also caused outages in Germany and other European countries at the start of the Russian invasion.

A US official told CBS News that US intelligence officials believe Russian state actors were behind the Viasat hack, although the White House has not said so publicly.

US officials believe it was intended to disrupt service in Ukraine, but spread beyond its intended targets.

The Biden administration remains concerned that cyberattacks targeting Ukrainian critical infrastructure could “spread” to the United States and its allies, similar to events surrounding the NotPetya malware attack in 2017.

Homeland Security Secretary Alejandro Mayorkas told CBS Evening News anchor and editor Norah O’Donnell on Wednesday that Russian actors “did not attack our critical infrastructure in retaliation for sanctions that we have imposed”.

“We are preparing for an attack,” Mayorkas added, noting that US officials are on high alert for potential breaches of critical infrastructure, including US banks, the energy grid and the water supply system. “We are ready to defend ourselves.”

Testifying in the Senate this week, the head of the United States Cyber Command, General Paul Nakasone, cautiously supported the creation of a “social media data threat analysis center” to help fight against foreign influence campaigns.

“Based on my experience, looking at two different election cycles and the work of our opponents trying to gain greater influence, I think such a center would be helpful,” he told lawmakers, adding that researchers must assess the “full range” of adversaries’ capabilities, including tactics, tradecraft, and procedures.
