Meta says that it’s continuing to crack down on bad actors across its social media sites. The company, which owns Facebook and Instagram, reported Thursday that it had taken down a Russia-based troll farm from Instagram earlier this year that had been churning out phony posts about the war in Ukraine.
Global threat intelligence lead Ben Nimmo said the troll farm, referred to as “Cyber Front Z,” based in St. Petersburg, was detected by Meta in mid-March and taken down by early April. Meta’s Quarterly Adversarial Threat Report, released Thursday, also noted the group was linked to people who had been associated with the Internet Research Agency, one of the major entities involved in Russia’s sprawling efforts to interfere in the 2016 U.S. presidential election. Since it was taken down, the troll farm has tried to come back, the report says, but Meta continues to detect those efforts and disable them.
Nimmo said Cyber Front Z hired dozens of people off the street to write what appeared to be authentic posts defending Russia and criticizing Ukraine.
“They ran a Telegram channel that told people basically to leave pro-Russian comments on social media posts by public figures, journalists, politicians, celebrities, like Angelina Jolie and Morgan Freeman.” Nimmo, who spoke on a press call Thursday, said the troll farm targeted users on LinkedIn, Twitter and “many different platforms.”
In its report, Meta said the troll farm operated 45 Facebook accounts and 1,037 Instagram accounts. It also reported that about 49,000 accounts followed one or more of the Instagram accounts.
Beyond Russia, the report also detailed actions Meta took against hacking group APT 36, which operates out of Pakistan. The group targeted social media users in Afghanistan, India, Pakistan, the United Arab Emirates and Saudi Arabia using various malicious tactics to infect devices with malware.
“One of the interesting details we observe here is use of social cards, which are online marketing tools that allow people to customize the image to play when a particular URL is shared on social media. This is another attempt here to essentially trick users into trusting the link to them by sharing a custom image,” said Mike Dvilyansky, Meta’s head of cyber espionage investigations.
Meta also said it had taken action against a cyber espionage operation in South Asia known as Bitter APT. These hackers targeted users in New Zealand, India, Pakistan and the United Kingdom with malware.
Bitter APT’s tactics included posing as attractive women, journalists, or activists to build trust with people and get them to click on malicious links or download malware.
Meta’s report characterized Bitter APT attacks as “relatively low in sophistication and operational security” but nonetheless “persistent and well-resourced.”
The head of Meta security policy, Nathaniel Gleicher, expressed the hope that sharing information about these threats will leave Meta users better able to defend against these attacks.
“More bad actors will engage in cyber espionage and barrier to entry. Because these tools are commoditized, there are many different off-the-shelf malware systems that someone can leverage. It means that sophisticated threat actors can hide in the noise, making it harder at times to tell who’s doing what and why.”