Meta says it has detected and removed two disinformation campaigns regarding the current Russia-Ukraine war. These campaigns, it says, were run by groups in Russia and Ukraine to target Ukraine users.

In the post, Nathaniel Gleicher, Meta’s head of security policy, and David Agranovich, Meta’s director of threat disruption said:

“We took down this operation, blocked their domains from being shared on our platform, and shared information with other tech platforms, researchers and governments. This network used fake accounts and operated fictitious personas and brands across the internet — including on Facebook, Instagram, Twitter, YouTube, Telegram, Odnoklassniki and VK — to appear more authentic in an apparent attempt to withstand scrutiny by platforms and researchers.”

They noted that the fictitious personas used in these campaigns were likely generated using generative adversarial networks (GAN), technology that is used in disinformation campaigns with the use of fake videos and several fraud scams. These personas claim to be within Ukraine and in white-collar jobs pre-conflict.

The misinformation campaign involves websites masquerading as independent news outlets that push claims that the West has failed Ukraine and that it’s now a failed state. Meta links the campaign with a previous campaign it removed in April 2020. Both are linked to individuals in Russia, Donbas—a region in Ukraine populated by separatist groups, most of whom are “ethnically Russian and identify as Russian,” and media organizations previously sanctioned by the US government.

Gleicher and Agranovich also said Meta had seen Ghostwriter—a known hacking group aligned with Belarusian government interests—targeting Ukrainian Facebook and Instagram users in the past several days.

“We detected attempts to target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including one video claiming to show Ukrainian soldiers coming out of a forest while flying a white flag of surrender.”

In a previous post, we noted that misinformation is one of the six risks internet users could encounter online during this crisis period. To curb this and other online threats, Meta has rolled out additional security and privacy measures to protect both its users in Ukraine and Russia.

On top of promoting fake news, Ghostwriter has also targeted Ukrainians with phishing attacks, Gleicher and Agranovich said. Meta already blocks these phishing domains.

“We encourage people to use caution when accepting friend requests and opening links and files from people they don’t know. Please refrain from reusing the same passwords across different services to prevent malicious hackers from gaining access to your information. We also strongly recommend using two-factor authentication on all online accounts.”