Meta and Twitter block disinformation campaigns targeting Ukraine amid phishing warnings

Facebook parent company Meta Platforms Inc. and Twitter Inc. have blocked several disinformation operations targeting Ukraine, while Ukrainian officials have issued warnings about phishing campaigns.

The developments follow a series of earlier cyberattacks that targeted organizations in Ukraine. 

ZDNet reported today that the National Security and Defense Council of Ukraine has issued a warning about a phishing campaign through which hackers are attempting to obtain information from targets. The hackers are pretending to be the post office of the Security Service of Ukraine. Separately, the Cyber Police Department of the National Police of Ukraine issued a warning about phishing emails designed to appear like evacuation notices.

According to ZDNet, the Computer Emergency Response Team for Ukraine earlier warned of ongoing efforts by the Ghostwriter hacking operation to target organizations in the country. Ghostwriter is a hacking and disinformation operation that cybersecurity firm Mandiant Inc. linked to Belarus last year.

On Sunday, Meta announced that it has blocked a Ghostwriter disinformation campaign that targeted Facebook users. The campaign attempted to “target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia,” Meta executives wrote in a Sunday update. Meta took steps to secure the targeted accounts and alerted the affected users. Additionally, the social network has blocked multiple phishing domains that the hackers used to try to trick people in Ukraine into compromising their online accounts.

Also on Sunday, Meta detailed that it has blocked a network of 40 fake accounts, Pages and Groups on Facebook and Instagram. The network attempted to promote disinformation websites masquerading as independent news outlets. “When we disrupted this network on our platform, it had fewer than 4,000 Facebook accounts following one of more of its Pages and fewer than 500 accounts following one or more of its Instagram accounts,” Meta stated. 

Separately, NBC reported today that Twitter has banned more than a dozen accounts for spreading disinformation. ““On Feb. 27, we permanently suspended more than a dozen accounts and blocked sharing of several links in violation of our platform manipulation and spam policy,” Twitter told NBC in a statement. “Our investigation is ongoing; however, our initial findings indicate that the accounts and links originated in Russia and were attempting to disrupt the public conversation around the ongoing conflict in Ukraine.”

Shortly before the updates from Meta and Twitter on their work to block disinformation campaigns, the Washington Post reported that a cyberattack had targeted a Ukrainian border control station. The station is responsible for processing people fleeing the country into neighboring Romania. 

The Post was notified of the cyberattack by prominent cybersecurity expert Chris Kubecka, who said that a data wiper malware was used. The cyberattack reportedly appears to have only impacted the Ukrainian border control and not the Romanian station. “It’s massively hitting the border control,” Kubecka told The Post. “They are processing people with pen and pencil.”

The U.N. said earlier today that more than 500,000 refugees have fled Ukraine to neighboring countries since Russia launched its invasion.

Image: Unsplash