Cyber Security News

Facebook Blocked Russia and Belarus Hackers Targeting Ukraine

Since 2018, Facebook (now called Meta) has been sharing its findings publicly through adversary reports. Meta recently released a report covering the following:

  • Three cyber-espionage networks from Iran and Azerbaijan removed
  • Ukraine security update
  • Removing four networks for coordinated inauthentic behavior
  • Removing a mass reporting network in Russia
  • Removing a coordinated violating network in the Philippines
  • Removing inauthentic behavior

Cyber-espionage Networks from Iran and Azerbaijan Removed

UNC788 was the hacking group behind many cyber-espionage activities. These hackers were responsible for tricking many people into revealing PII about their devices and accounts. The hackers use the following TTPs (Tactics, Techniques, and Procedures):

  • Social Engineering
  • Phishing
  • Malware

Another unreported hacking group also targeted multiple industries:

  • The information technology industry in India and the United Arab Emirates
  • The maritime logistics industry in the UAE, Iceland, Norway, Saudi Arabia, the US, Israel, and India
  • Telecommunications companies in Saudi Arabia and the UAE
  • The semiconductor industry in Israel, the US, and Germany

Ukraine Security Update

Cyber espionage and covert influence activities were carried out online by Russian and Belarusian government-linked individuals. The Ukrainian telecom industry, the global and Ukrainian defense and energy industries, tech platforms, and journalists and activists in Ukraine, Russia, and elsewhere were all targets of this activity.

Following the previous security report on Ukraine, we’ve witnessed a rise in Ghostwriter, a threat actor being monitored by the security community, attempting to hack members of the Ukrainian military. As we previously said, Ghostwriter primarily targets users through email compromise to utilize the information and obtain access to their social media accounts all over the internet.

This gang has tried to infiltrate several Ukrainian military personnel’s Facebook accounts since the previous public update. They posted videos appealing for the Army to surrender in a few cases, making it appear as if the posts were made by actual account owners. We made it impossible to disseminate these videos.

Other key summary points included:

  • The pilot quarterly threat report gives a comprehensive view of the threats they identified across several policy violations, including coordinated inauthentic behavior (CIB), cyber espionage, and other new harms like mass reporting.
  • They took down a hybrid network operated by Azerbaijan’s Ministry of Internal Affairs which integrated cyber espionage with Coordinated Inauthentic Behavior (CIB) to strike Azerbaijan’s civil society by compromising accounts and websites and posting on their behalf.

Meta published the complete findings in its adversary report.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
