Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.

The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.

According to the SSU’s announcement, the goal of the network was to destabilize the sociopolitical situation in various regions, thus curbing the resistance of the Ukrainian militia.

The law enforcement agency in Ukraine raided the locations that hosted the bot farms and seized the following items:

• 100 sets of GSM gateways
• 10,000 SIM cards for various mobile operators to disguise the fraudulent activity
• Laptops and computers used for controlling and coordinating the bots

The attribution for the operation points to the Russian special services, members of which are already facing criminal proceedings under Article 110 (encroachment on the territorial integrity and inviolability of Ukraine), but no operator arrests are mentioned in the SSU announcement.

Ukraine’s cyber agencies operational

SSU’s website has remained offline several times and for protracted periods during the past month as the agency faced mounting challenges and had to direct its focus on deterring a military invasion.

Still, it’s notable and commendable that Ukraine’s cyber-agencies remain operational, at least to some degree, and publish daily announcements of their activities.

On Saturday, the Ukrainian cyber-police in the region of Vinnytsia announced the arrest of a man who was hacking social network accounts through phishing links and used them to run fake ammunition fundraisers.

Today, the Computer Emergency Response Team of Ukraine announced the discovery of a phishing campaign loosely attributed to the UAC-0010 (Armageddon) Russian threat group.

The campaign uses document lures that supposedly contain information about the losses of Ukrainian servicemen to drop the “PseudoSteel” malware which enables its operators to remotely search for local files and upload them to an FTP server.

All these detection and crackdown efforts of Ukrainian forces signify a new age in warfare where governments cannot ignore malicious cyber activities.

That’s especially the case for a country that’s still largely online, using the network for crowd-sourcing information and keeping an open channel of data exchange with the rest of the world.