Meta says it continues to crack down on bad actors on its social networking sites. The company, which owns Facebook and Instagram, said Thursday it had pulled a Russian-based troll farm from Instagram earlier this year that was churning out fake posts about the war in Ukraine.
Global threat intelligence chief Ben Nimmo said the troll farm, referred to as “Cyber Front Z,” based in St. Petersburg, was detected by Meta in mid-March and taken down in early April. of Meta Quarterly Adversary Threat Reportreleased on Thursday, also noted that the group was linked to people who had been linked to the Internet Research Service, one of the most important entities involved in Russia’s far-reaching efforts to . Since it was taken down, the troll farm has tried to come back, the report says, but Meta continues to detect those attempts and disable them.
Nimmo said Cyber Front Z recruited dozens of people off the street to make what appeared to be authentic posts defending Russia and criticizing Ukraine.
“They ran a Telegram channel that basically told people to leave pro-Russian comments on social media posts by public figures, journalists, politicians, celebrities, like Angelina Jolie and Morgan Freeman.” Nimmo, who spoke at a news conference on Thursday, said the troll farm targets users on LinkedIn, Twitter and “many different platforms.”
In its report, Meta said the troll farm operated 45 Facebook accounts and 1,037 Instagram accounts. It also reported that about 49,000 accounts followed one or more of the Instagram accounts.
Beyond Russia, the report also details actions taken by Meta against the APT 36 hacker group, which operates out of Pakistan. The group targeted social media users in Afghanistan, India, Pakistan, the United Arab Emirates and Saudi Arabia using various malicious tactics to infect devices with malware.
“One of the interesting details we’re seeing here is the use of social cards, which are online marketing tools that allow people to customize the image to play when a specific URL is shared on social media. That’s another effort here. to effectively trick users into trusting the link with them by sharing a custom image,” said Mike Dvilianski, Meta’s head of cyber espionage research.
Meta also said it had taken action against a cyber espionage operation in South Asia known as Bitter APT. These hackers targeted users in New Zealand, India, Pakistan and the United Kingdom with malware.
Bitter APT’s tactics included posing as attractive women, journalists, or activists to build trust with people and get them to click on malicious links or download malware.
Meta’s report characterized the Bitter APT attacks as “relatively low in sophistication and operational security,” but nonetheless “persistent and well-resourced.”
Meta’s head of security policy, Nathaniel Gleicher, expressed the hope that by sharing these threats, Meta users will be better able to defend against these attacks.
“More bad actors will engage in cyber espionage and barriers to entry. Because these tools are commercialized, there are many different malware systems that someone can exploit. This means that sophisticated threat actors can hide in the noise, making it more difficult sometimes to say who does what and why.”