Meta releases adversarial threat report for first quarter

Meta shares its pilot quarterly adversarial threat report that provides a broad view into the risks that we see worldwide and across multiple policy violations. In many of these cases, threat actors targeted multiple platforms, including Facebook, Instagram, Youtube, Twitter, LinkedIn, Telegram, VK and OK, in addition to running their own websites and compromising legitimate sites. Meta shared its latest findings with its peers at tech companies, security researchers, governments and law enforcement. The company is also alerting the people who they believe were targeted by these campaigns, when possible.

The company's public security reporting began over four years ago when it first shared their findings about coordinated inauthentic behavior (CIB) by the Russian Internet Research Agency. Since then, global threats have significantly evolved, and it has expanded their ability to respond to a wider range of adversarial behaviors. To provide a more comprehensive view into the risks they see, its now expanding their regular reporting to include cyber espionage, inauthentic behavior and other emerging harms in one place, as part of the quarterly reporting it is testing. The company also shares threat indicators at the end of its report to contribute to the efforts by the security community to detect and counter malicious activity elsewhere on the internet. It welcome ideas from the security community to help them make these reports more informative, and it will adjust as they learn from feedback.

Summary of company's Findings

"In Iran, we took action against two cyber espionage operations. The first network was linked to a group of hackers known in the security industry as UNC788. The second was a separate, previously unreported group that targeted industries like energy, telecommunications, maritime logistics, information technology, and others.

In Azerbaijan, we removed a hybrid network operated by the Ministry of Internal Affairs that combined cyber espionage with CIB to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

We’re also sharing an update on our enforcements in Ukraine, including attempts by previously disrupted state and non-state actors to come back on the platform, in addition to spam networks using deceptive tactics to monetize public attention to the ongoing war.

Under our Inauthentic Behavior policy against mass reporting, we removed a network in Russia for abusing our reporting tools to repeatedly report people in Ukraine and in Russia for fictitious policy violations of Facebook policies in an attempt to silence them.

In South America, we removed CIB operations from Brazil and Costa Rica and El Salvador. The Brazilian network is the first operation we’ve disrupted that primarily focused on environmental issues.

In the Philippines, as part of disrupting new and emerging threats, we removed a coordinated violating network that claimed credit for bringing websites down and defacing them, including those of news entities. Under our Inauthentic Behavior (IB) policies, we also took down tens of thousands of accounts, Pages and Groups around the world for inauthentically inflating the distribution of their content and abusive audience building, including in the Philippines. Our report provides insights into how spammers leverage IB strategies to monetize people’s attention to the upcoming election in the Philippines and the measures we took to stop them.", according to the company's report.