Meta on Thursday announced it took down two cyber espionage operations in South Asia and a Russian troll farm that sought to prop up support for the country’s invasion of Ukraine.
Meta, which owns platforms like Facebook and Instagram, announced the findings in its “Quarterly Adversarial Threat Report,” also detailing its efforts to combat coordinated schemes in places like Greece, India and South Africa.
The company in particular highlighted its mitigation of a troll farm operated from St. Petersburg, dubbed “Cyber Front Z,” that it said was linked to individuals associated with past activity by Russia’s Internet Research Agency (IRA), a troll farm that led the effort to spread disinformation around the 2016 U.S. presidential election.
Meta said it began taking action against Cyber Front Z in March, shortly after Russia invaded Ukraine, and it took down the network in early April.
The tech giant said the troll farm hired people in shifts seven days a week to comment with pro-Russia content on posts supporting Ukraine published by celebrities like Angelina Jolie and politicians like the Finnish prime minister.
“This appeared to be a poorly executed attempt, publicly coordinated via a Telegram channel, to create a perception of grassroots online support for Russia’s invasion by using fake accounts to post pro-Russia comments on content by influencers and media,” the company said in its report.
Meta said the troll farm attempted to come back on multiple occasions, but the company continued to detect and disable its work, which it said included the use of 45 Facebook accounts, 1,037 Instagram accounts and about $1,400 in advertising spending on both platforms paid for in rubles.
“This deceptive operation was clumsy and largely ineffective — definitely not ‘A team’ work,” the company wrote. “On Instagram, for example, more than half of these fake accounts were detected and disabled by our automated systems soon after creation. Their efforts didn’t see much authentic engagement, with some comments called out as coming from trolls.”
Separately, Meta said it took action against a group of hackers, known as Bitter APT, that operated in South Asia and distributed malware to targets in New Zealand, India, Pakistan and the United Kingdom.
The tech giant said it also took action against activity connected with state-linked actors in Pakistan that infected devices with malware in Afghanistan, India, Pakistan, the United Arab Emirates and Saudi Arabia.
Meta has long faced scrutiny for disinformation campaigns that operate on its platforms, but the company in its report touted its efforts to mitigate threats and behaviors that violate its policies.
Meta says it has publicly reported its threat analysis since 2017 and has since expanded its reporting to include cyber espionage, mass reporting, inauthentic amplification, brigading and other malicious behaviors.