Facebook shut down Russian APT28 trolls before the 2016 U.S. election
From TechCrunch - April 9, 2018

The most interesting part of Mark Zuckerberg's prepared testimony for Congress that was released today shows that Facebook has been fighting Russian election interference since before the 2016 U.S. presidential race. Facebook shut down accounts related to Russian GRU military intelligence-linked group APT28, also known as Fancy Bear, which had created an organization called DCLeaks run by fake personas to seed stolen information to journalists.

Wired detailed the methods of the Advanced Persistent Threat 28 group in January 2017. APT28 uses zero-day exploits, malware-equipped spear-phishing emails, publicly known but unfixed vulnerabilities in computer systems and malicious iFrames embedded in hacked websites to steal people's files. The group has been connected to attacks against NATO, French television station TV5Monde and the World Anti-Doping Agency.

The Washington Post reported in September 2017 that Facebook had detected the APT28 accounts in June 2016 and reported their activity to the FBI, but didn't detail that Facebook had fought back directly by shutting down their accounts. Facebook had not previously confirmed this story.

Here's Zuckerberg's full explanation of the situation:

Elections have always been especially sensitive times for our security team, and the 2016 U.S. presidential election was no exception. Our security team has been aware of traditional Russian cyber threats, like hacking and malware, for years. Leading up to Election Day in November 2016, we detected and dealt with several threats with ties to Russia. This included activity by a group called APT28, that the U.S. government has publicly linked to Russian military intelligence services. But while our primary focus was on traditional threats, we also saw some new behavior in the summer of 2016 when APT28-related accounts, under the banner of DC Leaks, created fake personas that were used to seed stolen information to journalists. We shut these accounts down for violating our policies.
