Facebook Parent Meta Battles Troll Farms, Hackers

Facebook parent Meta said Thursday it pulled down fake accounts from a group of Russian internet trolls that tried to create the appearance of support for Russia’s war in Ukraine.

The troll farm created accounts on both Meta-owned Facebook and Instagram and posted pro-Russia comments on content from media outlets and influencers. Meta pull down 1,037 Instagram accounts and 45 Facebook accounts from this group. The company linked the accounts to a group called “Cyber Front Z” and people tied to activity by the Internet Research Agency, an infamous Russian troll farm that also attempted to influence the 2016 US presidential election. 

Meta’s actions show how the company continues to combat cybersecurity threats. Lawmakers and advocacy groups have criticized the social media giant in the past for not acting quickly enough to combat political disinformation. Meta shared details about its investigations in a 36-page quarterly report that also outlined how it’s tackling hackers and other threats.

Ben Nimmo, Meta’s global threat intelligence lead for influence operations, said in a call with reporters that Meta has been catching accounts tied to the Internet Research Agency more quickly than it has in the past, pulling down the fake accounts in weeks rather than years. The company started taking action against these fake accounts in March, and Instagram’s automated technology caught more than half of the accounts, the report said. 

The troll farm used messaging app Telegram to coordinate its efforts and target other platforms including TikTok, Twitter, YouTube and LinkedIn. In one Telegram post from May, the trolls urged its followers to post on the Twitter and Instagram accounts of Finnish Prime Minister Sanna Marin with pro-Russia comments such as “We must explain to the Finnish politician that Ukraine will be liberated from Nazism by the Russian army.” Meta started looking into its platforms after the Russian news outlet Fontanka reported on the topic.

The troll farm tried to create the false perception that its efforts were successful, but it wasn’t doing a good job, Meta said.

“We didn’t see evidence to suggest that they’ve succeeded in rallying substantial authentic support but we do expect them to keep trying and we’re here to keep on blocking attempts,” Nimmo said.

Meta also said it took action against two hacking groups from South Asia. One of the groups, known as Bitter APT, targeted people in New Zealand, India, Pakistan and the United Kingdom. It tried to trick people into handing over personal information or downloading malware.

For example, it created a chat app Apple users could download through a service that developers use to test new apps. 

“We don’t have any visibility into whether this app contained malicious code and assess that it may have been used for further social engineering on an attacker-controlled chat medium,” the report said. Social engineering is a manipulation tactic hackers use to dupe people into providing confidential information such as their passwords. Meta said it reported the findings to Apple but don’t “have visibility” into what actions the company took. The hacking group also used an Android malware in non-official versions of YouTube, Signal, Telegram, WhatsApp and other chat apps. 

Apple didn’t immediately respond to a request for comment.

“Our goal is to expose these threat actors and contain their operations regardless of where they target,” said Nathaniel Gleicher, head of security policy at Meta. “But a whole society response is essential to tackle these cross-platform threats.”