Facebook Parent Meta Battles Troll Farms, Hackers

Queenie Wong Former Senior Writer
Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.
Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials
  • 2022 Eddie award for consumer analysis
Queenie Wong
3 min read
Facebook logo above a phone screen with the Meta logo on it

Facebook renamed itself Meta last year to reflect its focus on virtual worlds. 

James Martin/CNET

What's happening

Meta has released a quarterly report that outlines the actions it's taken against troll farms, fake accounts and hackers.

Why it matters

The social media giant has faced scrutiny in the past for not doing enough to combat disinformation. The report provides more details about how it's tackling cybersecurity threats.

Facebook parent Meta said Thursday it pulled down fake accounts from a group of Russian internet trolls that tried to create the appearance of support for Russia's war in Ukraine.

The troll farm created accounts on both Meta-owned Facebook and Instagram and posted pro-Russia comments on content from media outlets and influencers. Meta pull down 1,037 Instagram accounts and 45 Facebook accounts from this group. The company linked the accounts to a group called "Cyber Front Z" and people tied to activity by the Internet Research Agency, an infamous Russian troll farm that also attempted to influence the 2016 US presidential election

Meta's actions show how the company continues to combat cybersecurity threats. Lawmakers and advocacy groups have criticized the social media giant in the past for not acting quickly enough to combat political disinformation. Meta shared details about its investigations in a 36-page quarterly report that also outlined how it's tackling hackers and other threats.

Ben Nimmo, Meta's global threat intelligence lead for influence operations, said in a call with reporters that Meta has been catching accounts tied to the Internet Research Agency more quickly than it has in the past, pulling down the fake accounts in weeks rather than years. The company started taking action against these fake accounts in March, and Instagram's automated technology caught more than half of the accounts, the report said. 

The troll farm used messaging app Telegram to coordinate its efforts and target other platforms including TikTok, Twitter, YouTube and LinkedIn. In one Telegram post from May, the trolls urged its followers to post on the Twitter and Instagram accounts of Finnish Prime Minister Sanna Marin with pro-Russia comments such as "We must explain to the Finnish politician that Ukraine will be liberated from Nazism by the Russian army." Meta started looking into its platforms after the Russian news outlet Fontanka reported on the topic.

The troll farm tried to create the false perception that its efforts were successful, but it wasn't doing a good job, Meta said.

"We didn't see evidence to suggest that they've succeeded in rallying substantial authentic support but we do expect them to keep trying and we're here to keep on blocking attempts," Nimmo said.

Meta also said it took action against two hacking groups from South Asia. One of the groups, known as Bitter APT, targeted people in New Zealand, India, Pakistan and the United Kingdom. It tried to trick people into handing over personal information or downloading malware.

For example, it created a chat app Apple users could download through a service that developers use to test new apps. 

"We don't have any visibility into whether this app contained malicious code and assess that it may have been used for further social engineering on an attacker-controlled chat medium," the report said. Social engineering is a manipulation tactic hackers use to dupe people into providing confidential information such as their passwords. Meta said it reported the findings to Apple but don't "have visibility" into what actions the company took. The hacking group also used an Android malware in non-official versions of YouTube, Signal, Telegram, WhatsApp and other chat apps. 

Apple didn't immediately respond to a request for comment.

"Our goal is to expose these threat actors and contain their operations regardless of where they target," said Nathaniel Gleicher, head of security policy at Meta. "But a whole society response is essential to tackle these cross-platform threats."