The false surrender of Ukrainian soldiers on Facebook

A handful of Ukrainian soldiers, via their Facebook profiles, have invited their army comrades to surrender to the Russian invader. However, the request was bogus because these accounts were hacked, as Meta - Facebook's parent company - stated in its latest quarterly security report.

The disinformation campaign, called Ghostwriter, has targeted dozens of accounts of people within the Ukrainian armed forces, managing to compromise only a few profiles. The cybercriminals behind Ghostwriter were able to post videos calling on the Ukrainian army to surrender. Meta said it blocked the sharing of this content and put measures in place to protect accounts.

This attack, which began in late February and continued into March, was reported to have been conducted by a group known as Unc1151, which had previously been linked to the Belarusian government in a search by the security company Mandiant. The group, with the support of the state, is involved in collecting credentials and malware attacks, as well as helping to foster a narrative critical of NATO's presence in Eastern Europe.

The latest report also describes a number of other actions led by pro-Russian actors, including campaigns against several Ukrainian targets. For example, a network of Russian accounts attempted to silence Ukrainian users via masa reports. "We removed a network in Russia for abusing our reporting tools to repeatedly report people in Ukraine and Russia for false violations of Facebook policies," Meta said. This network included 200 accounts managed by Russia and increased its activity prior to the invasion of Ukraine.

In another case Meta claims that a group linked to the Belarusian secret services tried to organize a protest event against the Polish government in Warsaw. The event and the account that created it were discovered and taken offline.

Facebook also spotted a new Russian troll factory activity that interfered with the 2016 US election. These accounts, before being discovered, tried to drive traffic from the platform to a website that "blamed NATO and the West for the Russian attack and accused Ukrainian forces of targeting civilians".
< Speaking about this report during a call with reporters, Meta's president of public policy, Nick Clegg, said the company has seen a rise in disinformation. "Since the Russian invasion of Ukraine, we have seen attacks on internet freedom and access to information escalate," he said. Clegg went on to add that the company is considering new measures to prevent official Russian government accounts from spreading disinformation.