Pierluigi Paganini July 29, 2019

Facebook recently announced that it removed multiple pages, groups, and accounts tied to Russia involved in psyops ahead of the election in Ukraine.

Facebook spotted four campaigns that appear independent, three of them associated with Russian threat actors.

One of the operations involved 18 Facebook accounts, nine pages, and three groups. Threat actors attempted to influence the sentiment of users in Ukraine regarding the relationship between the Russian and the Ukrainian governments.

The threat actors behind this campaign created fake profiles, impersonated deceased Ukrainian journalists, and engaged in fake engagement tactics. They also used a number of fake accounts to increase the popularity of their content and also to propose people content outside the social network.

Experts discovered that about 80,000 accounts followed one or more of these pages, and about 10 accounts joined at least one of these groups. According to Facebook, threat actors spent less than $100 on Facebook ads.

“We found four separate, unconnected operations that originated in Thailand, Russia, Ukraine and Honduras. We didn’t find any links between the campaigns we’ve removed, but all created networks of accounts to mislead others about who they were and what they were doing.” reads the report published by Facebook.

Facebook conducted an internal investigation into suspected Russia-linked coordinated inauthentic behavior, ahead of the elections in Ukraine.

Facebook also identified another campaign focused on Ukraine that involved 83 accounts, two Pages, 29 Groups, and five Instagram accounts engaged in coordinated inauthentic behavior that originated in Russia and the Luhansk region in Ukraine. 

In this case, threat actors used fake accounts to impersonate military members in Ukraine and managed Groups posing as authentic military communities. Some of the Groups were used to disseminate content about Ukraine and the Luhansk region.

Content published by the operators includes topics like the military conflict in Eastern Ukraine, Ukrainian public figures and politics. Below some data related to this campaign:

• Presence on Facebook and Instagram: 83 Facebook accounts, 2 Pages, 29 Groups, and 5 Instagram accounts.
• Followers: Fewer than 1,000 accounts followed one or more of these Pages, under 35,000 accounts joined at least one of these Groups, and around 1,400 people followed one or more of these Instagram accounts.
• Advertising: Less than $400 spent on Facebook and Instagram ads paid for in US dollars.

A third campaign originating in Thailand focusing mainly on geopolitical issues appear to be the result of a Russian threat actor.

“We removed 12 Facebook accounts and 10 Facebook Pages for engaging in coordinated inauthentic behavior that originated in Thailand and focused primarily on Thailand and the US.” continues Facebook

“They also frequently shared divisive narratives and comments on topics including Thai politics, geopolitical issues like US-China relations, protests in Hong Kong, and criticism of democracy activists in Thailand. “

The activity was coordinated by threat actors in Thailand that is associated with a Moscow-based news outlet called New Eastern Outlook (https://journal-neo.org/), a Russian government-funded journal.

This operation was pushed with an investment in advertising on Facebook under $18,000:

• Presence on Facebook: 12 accounts and 10 Pages.
• Followers: About 38,000 accounts followed one or more of these Pages.
• Advertising: Less than $18,000 in spending for ads on Facebook paid for in US dollars.

Finally, Facebook removed 181 accounts and 1,488 Facebook Pages that were involved in domestic-focused coordinated inauthentic activity in Honduras. Operators aimed at increasing the president’s popularity by creating positive content about his political activity.

Pierluigi Paganini

(SecurityAffairs – Facebook, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]