Ukraine’s security agency has shut down five bot farms since the start of Russia’s invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents.
In a statement this week, Ukraine’s Security Service (SSU) said the bot farms were located in Kharkiv – a city near the northern border of Russia that has been the site of some of the fiercest fighting – Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.
During searches of the locations, the SSU officers found more than 100 GSM gateway appliances, almost 10,000 SIM cards from a variety of mobile carriers used to disguise the identity of the users and laptops and other computer equipment “with evidence of illegal actions,” including controlling the bots, they said.
They also said the bots used more than 100,000 fake social media accounts that were deployed to spread the disinformation
The discovery of the bot farms and the extensive tech operations they were running is the latest example of an extensive cyber warfare campaign the Russians launched in the run up to the February 24 invasion and have continued in the weeks since.
The invasion has also caused a rift between cyberthreat groups as many pick sides in the conflict.
Throughout the invasion, Russia has worked to control the flow of information, both within its own country as well as in Ukraine. The bot farms were used to spread disinformation about the fighting, including pushing information on how well Russia’s own army was supposedly doing and the status of Ukraine’s fighters. The goal was to discourage Ukraine residents and instill fear as they fought back or tried to flee the country.
“It was established that the attackers were spreading misinformation about the full-scale Russian invasion of our state and spreading distorted news from the front,” the SSU wrote. “Thus, they tried to inspire panic among Ukrainian citizens and destabilize the socio-political situation in various regions.”
It was unclear whether any arrests were made. The SSU noted that criminal proceedings had already been initiated against the operators under Article 110 of Ukraine’s criminal code, which addresses the “encroachment on the territorial integrity and inviolability of Ukraine.” The Ukrainian security service added that “urgent comprehensive measures are underway to bring to justice those involved in the aggression against our state.”
Whether that includes anyone arrested in connection with the raid on the bot farms isn’t detailed in the statement.
Shutting down the bot farms is only the latest move by Ukrainian officials to stem the flow of disinformation in the country. Earlier this month the SSU wrote in a message on the Telegram social network that it had detained a hacker who had enabled Russian state actors to use mobile communications – including phone calls and SMS messages – to anonymously send messages to Ukrainian security officers and civil servants urging them to surrender and side with Russia.
They also “passed commands and instructions to advanced groups of Russian invaders,” the SSU wrote.
This week the country’s Computer Emergency Response Team said it had uncovered a phishing campaign using malware called PseudoSteel. The campaign used a phishing email purportedly about the loss of Ukraine servicemen and women that included a file containing the malicious code. The officials said the phishing campaign may have been run by the Russian threat group UAC-0010, also known as Armageddon.
Over the weekend, cyber police in the central Ukrainian city of Vinnytsia said they arrested a 25-year-old man accused of hacking into accounts of social media users to raise money for ammunition under false pretences, claiming he was going to the front to fight and that he needed the ammunition. The man had spent the money on himself instead, the police said. ®