Meta says it is continuing to crack down on bad actors on its social media sites. The company, which owns Facebook and Instagram, said on Thursday that it had taken down a Russia-based troll farm from Instagram earlier this year that was churning out fake posts about the war in Ukraine.
Global Threat Intelligence Lead Ben Nimmo said the troll farm, referred to as “Cyber Front Z” based in St. Petersburg, was detected by Meta in mid-March and pulled down in early April. meta Quarterly Adverse Hazard ReportReleased on Thursday, it also noted that the group was linked to those linked to the Internet Research Agency, one of the key entities involved in the Russia-wide effort. Interference in the 2016 US presidential election, Since it was taken down, the troll farm has tried to come back, the report says, but the meta continues to trace and disable those attempts.
Nimmo said Cyber Front Z hired dozens of people from the street to defend Russia and look like authentic posts criticizing Ukraine.
“He ran a Telegram channel that basically asked people to leave pro-Russian comments on social media posts by public figures, journalists, politicians, celebrities, such as Angelina Jolie and Morgan Freeman.” Nimmo, who spoke on a press call on Thursday, said the troll farm targeted users on LinkedIn, Twitter and “many different platforms.”
In its report, Meta said that the troll farm operates 45 Facebook accounts and 1,037 Instagram accounts. It also reported that nearly 49,000 accounts followed one or more Instagram accounts.
Beyond Russia, the report also detailed actions taken by META against hacking group APT36, which operates out of Pakistan. The group targeted social media users in Afghanistan, India, Pakistan, the United Arab Emirates and Saudi Arabia, using various malicious tactics to infect devices with the malware.
“One of the interesting details we saw here is the use of social cards, which are online marketing tools that allow people to customize the image when a particular URL is shared on social media. Link to them by sharing a custom image,” said Mike Dvilensky, Meta’s head of cyber espionage investigations.
Meta also said that it has taken action against a cyber espionage operation in South Asia called Bitter APT. These hackers targeted users in New Zealand, India, Pakistan and the United Kingdom with malware.
Bitter APT’s strategy involved building trust with people and posing as attractive women, journalists or activists to trick them into clicking malicious links or downloading malware.
The META report described the Bitter APT attacks as “relatively low in sophistication and operational security,” but nonetheless “persistent and well-resourced.”
The Head of Meta Security Policy, Nathaniel Gleicher, expressed the hope that by sharing these threats, Meta users will be able to better defend themselves against these attacks.
“More bad actors will engage in cyber espionage and barrier to entry. Because these tools are commoditized, there are many different off-the-shelf malware systems that one can take advantage of. This means that sophisticated threat actors add to the noise. can hide, can make it sometimes it is difficult to tell who is doing what and why.”