Damien Black, Senior Journalist. Updated on: 05 August 2022

The social media giant marks its fifth anniversary of sharing insights into threat actors operating on Facebook and Instagram with its latest quarterly report. And what a report it is – Pakistani spies, Hindu hardliners, and Russian partisans are just some of the diverse entities who have been active on its platforms.

Topping Meta’s list of internet ne’er-do-wells were two cyber-espionage groups – APT36, identified as probably originating in Pakistan, and Bitter, also from the South Asian region.

Both groups targeted people in Pakistan, with social media users in the UK, Saudi Arabia, India, and New Zealand also singled out by social engineering campaigns, Android-based malware, and fake websites.

“As part of these latest disruptions against both networks, we took down accounts, blocked their domain infrastructure from being shared on our services, and notified people who we believe were targeted by these malicious groups,” Meta disclosed in its report. “We also shared information with security researchers and our industry peers so they too can take action to stop this activity.”

APT36 posed as recruiters, attractive young women, and military personnel in a bid to gain the trust of targets. Bitter also found faking female sex appeal to be a useful tool until Meta clamped down on its illicit activities, which also included mimicking journalists and activists.

Between them, the groups used a variety of techniques, tactics, and procedures (TTPs), including disguised links, fake apps, malicious domains, compromised websites, and third-party hosting providers to distribute malware. However, Meta said both operations were relatively low-grade in sophistication, relying instead on sheer persistence to compromise targets.

APT36 did not share malware directly on Facebook, but it did share links to sites that hosted it. Bitter, meanwhile, used a custom program named Dracarys, tailored to Android users, that it inserted into accessibility functions originally designed to aid people living with disabilities.

“Bitter injected Dracarys into trojanized versions of YouTube, Signal, Telegram, WhatsApp, and custom chat applications capable of accessing call logs, contacts, files, text messages, geolocation, device information, taking photos, enabling microphone, and installing apps,” said Meta, adding that the malware has yet to be identified by any anti-virus programs that it is aware of.

A multitude of sins

Meta’s banning of the two groups is just the tip of the iceberg in its ongoing struggle to weed out bad actors on its hugely popular social media platforms, which continue to be fertile grounds for all kinds of interest groups, many of them political in nature.

As such, Russia featured quite prominently, using Instagram and other platforms as a launchpad for various disinformation campaigns promoting the Kremlin’s “denazification” pretext for the invasion of Ukraine. However, Meta also shared some evidence to suggest that Ukrainian activists have been fighting back, subverting or contradicting Russian information operations where they could.

A threat group identified by Meta as Cyber Front Z was banned from Facebook and Instagram for such activities, which it said involved a troll farm based in St Petersburg using social media to promote narratives favorable to the Russian invasion.

Nicknamed the “beanbag trolls” after comfortable seating arrangements provided by the Kremlin to its small army of cyber partisans – a hundreds-strong group that Meta says was infiltrated by undercover journalists in March – Cyber Front Z was booted off Facebook after it was found to be running 45 accounts and an advertising campaign on the platform to push its propaganda.


Screenshot from secret footage of “beanbag troll” in St Petersburg, taken by an undercover journalist and attributed by Meta to Andrei Soshnikov and YouTube.

Targets of the beanbag trolls included Finnish prime minister Sanna Marin during her visit to Ukraine in May, when she was defamed in a Telegram post that linked to Instagram, which Meta acquired the month before.

“We must explain to the Finnish politician that Ukraine will be liberated from Nazism by the Russian army, so petitions from [Volodymir] Zelensky from the cocaine acceptance center are not her level,” reads an English translation of the original post. “Let’s fly here and massively urge not to support the Ukronazis. Stop support ukrainian nazi [sic], Sanna! Russia will free Ukraine from the criminal regime!”

Commenting on the findings, Meta said: “While the original story did not mention our apps, we were able to uncover a network of related accounts on Instagram. It appears that the organizers used the people they hired as simply a typing pool to flood pro-Ukrainian posts with comments on one topic only – Russia’s war – using very basic, fake accounts that kept getting caught.”


Pro-Russia post attacking Finnish premier Sanna Marin for her visit to Ukraine in support of the invaded country.

Z-grade shenanigans

As with the South Asian espionage groups it intercepted, Meta said the Cyber Z campaign was “low in sophistication” and had been largely detected and disabled by its automated systems “even before we found their link to this activity.”

While core TTPs employed by the Z Team involved using fake social media accounts operated by paid posters, there was some evidence that these themselves had been compromised, with pro-Ukrainian messages copied and pasted onto Russian propagandist threads.

“In isolated cases, the fake accounts appear to have assumed a split personality when posting in English versus Russian,” Meta explained. “The same account would reply to some posts with its usual pro-Russia comments, and to other posts they’d respond with pro-Ukraine comments. In some cases, they appeared to have copied and pasted pro-Ukraine comments from the very groups the Z Team explicitly opposed. This might be a case of individual operators undermining this fictitious movement from within.”

At other times, the Z Team appeared to bungle its efforts, for instance, urging sympathizers on Telegram to visit what it thought was the official Instagram page of hawkish UK foreign secretary Liz Truss – only to direct them to a fan site numbering some 30 followers that had not been active since 2018.


Botched attempt to encourage cyber-volunteers to harass UK prime ministerial candidate Liz Truss, only to misdirect them to a defunct fan site.

“We saw more failed attempts to drum up a conversation on other platforms, including Twitter and YouTube,” said Meta, citing one example in May, when the Z Team steered people toward Twitter accounts belonging to the President of Poland, the International Ice Hockey Federation (IIHF), and the French Tennis Federation. “None of these showed a high volume of pro-Russia comments, while some people called them out as Russian trolls,” it said.

Hindu harassment

Other alleged wrongdoers who found themselves exiled from Meta’s social media empire included what it believes to be Hindu hardliners, who set up bully “brigades” to harass local dissidents for posting content these actors deemed “offensive” to the ancient Indian religion.

“We took down a brigading network of about 300 accounts on Facebook and Instagram in India that worked together to mass-harass people, including activists, comedians, actors and other influencers,” said Meta. “This network was active across the internet, including Facebook, Instagram, YouTube, Twitter, and Telegram.”

Meta said the bad actors behind the campaign used its apps to present “a combination of authentic and duplicate accounts, many of which were disabled for violating our rules against hate speech and harassment by our scaled, automated systems.”

It added that the haters themselves played the hate-speech card in efforts to whip up anger and manipulate other social media users into joining their campaign of intimidation. “These accounts would call on others to harass people who posted content that this group deemed offensive to Hindus,” said Meta. “The members of this network would then post high volumes of negative comments under the targets’ posts. In response, some people would hide or delete their posts, leading to celebratory comments claiming a ‘successful raid.’”

Meta added that it considers brigading to be online activity on its platforms that includes “repetitive targeting to harass or silence people,” evidence of “coordination” through social media signaling, a “high volume of activity,” and “efforts to evade enforcement.”

Meta’s ongoing fight

Other bad actors expelled from Meta’s virtual domains included apparent extremists in Israel who targeted people in Palestinian territories as well as Angola and Nigeria, pro-police partisans in Malaysia who opposed the government’s political opponents there, and fake pundits in the Philippines who used local elections as a lure to target victims with spam.

Meta said it had begun public disclosures about threat actors on its platforms in response to perceived Russian misinformation or what it calls “influence operations,” and that it expected its reporting focus to change as global threats and trends continue to shift.

“We expect the make-up of this report to continue to evolve in response to the changes we see in the threat environment and as we expand to cover new areas of our trust and safety work,” it said. “This report is not meant to reflect the entirety of our security enforcements, but to share notable trends and investigations to help inform our community’s understanding of the evolving security threats we see.”

It also urged cybersecurity professionals to come forward with any information that might be useful in contributing to future quarterly reports.

“We welcome ideas from our peers across the defender community to help make these reports more informative, and we’ll adjust as we learn from feedback,” it said.

