Russia focused on US, Ukraine, Africa with coordinated tactics on websites like Facebook: Meta

A new threat report from Meta documents such behavior worldwide.

December 15, 2022, 8:09 AM

Meta, the parent company of Facebook, Instagram and other massive digital platforms, announced Thursday that since 2017 they disrupted more than 200 global networks engaging in coordinated inauthentic behavior (CIB).

Two-thirds of the 200-plus networks that Meta stopped focused on domestic audiences in the countries where the CIB network originated, according to the company's newest threat report, released on Thursday.

Meta has defined some CIB attempts as "efforts to manipulate public debate for a strategic goal where fake accounts are central to the operation."

Russia was a major driver of the coordinated digital activity, Meta found. Nathaniel Gleicher, the head of security policy, said that "Ukraine was the most frequent target of Russian operations, followed by Russian operations targeting Africa broadly. The U.S. [as a target] was third."

Meta's report states that more than 100 countries have been targeted by at least one CIB network since 2017. The most frequent target was the U.S. -- by 34 networks -- followed by Ukraine, which was targeted by 20 networks.

Most of the CIB networks originated in three countries, according to the Meta report: Russia, home to 34 of them, which included Meta's first and 200th takedown; Iran, which had 29; and 13 in Mexico.

Guy Rosen, chief information security officer for Meta, said that in 2023, "you should expect us to double down to address the threat in a few areas." The company -- which has long drawn attention and scrutiny for its security efforts because of its enormous user base -- expects "a rise in off-platform targeting attempts that then compromise social media accounts," Rosen said.

In this June 20, 2022, file photo, signage for Meta Platforms Inc. is shown inside its India headquarters in Gurugram, India.
Bloomberg via Getty Images, FILE

One of the ways the social media giant is looking to combat such attacks will be through a live chat support option. The company said it has tested the new chat support with more than a million people in eight countries, with plans to expand testing into 30 other countries.

Among the threats Meta found on its platforms were surveillance-for-hire or commercial spyware vendors -- threat actors who provide powerful surveillance capabilities to a client.

These vendors have been based in Russia, Israel, India, China and the U.S. and targeted people in 200 countries, including journalists, political opposition figures and human rights activists.

Gleicher said, "This industry effectively democratizes surveillance, making it available to many more government and non-government groups that could build them on their own. So they're exponentially increasing the supply of threat actors in the world."

In this Jan. 31, 2022, file photo, signage is shown in front of Meta Platforms headquarters in Menlo Park, Calif.
Bloomberg via Getty Images, FILE

Meta's view is that solutions to this should flow from governments like the U.S., Rosen told reporters on Wednesday: "We really believe that we need a concerted regulatory response by democratic governments."

As one example of its threat disruption work, during the 2020 midterm elections, Meta discovered a Chinese operation targeting public debate in the U.S. which Gleicher described as an "evolution of techniques and tactics" even though it was "quite small" and "pretty unsuccessful."

Meta said they are heavily invested in countering influence operations. Gleicher told ABC News that in response to such efforts "bad actors are looking to move away from the major platforms to smaller websites, to smaller platforms."

"We've seen some increase in targeting of petition websites or sort of fundraising websites where people gather to make their voice known and advocate for a particular issue," he said.