Hackers’ Fake Claims of Ukrainian Surrender Aren’t Fooling Anyone. So What’s Their Goal?

WASHINGTON — Andriy Taranov, a board member of the Ukrainian public broadcaster Suspilne, was sitting in his office last month when he noticed a strange message at the bottom of his television screen. It said that Volodymyr Zelensky, the president of Ukraine, had announced a surrender.

Taranov was stunned: there had been no talk of a surrender among reporters covering the Russian invasion of the country. “There’s nothing like that in any journalistic circle,” he recalled thinking. “It seems absolutely contradictory.”

The message was false, he quickly realized. It had been placed in the live broadcast chyron of Media Group Ukraine by hackers.

Since Russia’s invasion began in late February, hackers have repeatedly broken into the social media accounts and broadcast systems of trusted information sources in Ukraine, such as government officials and prominent media outlets. They used their access to spread false messages that Ukraine was surrendering, sometimes using fake videos to bolster their claims.

And while there is no evidence that the disinformation campaign had any discernible effect on the conflict, experts say the hackers’ intentions may not have been to fool anyone. Instead, the hackers are most likely trying to erode trust in Ukrainian institutions and show that the government and media cannot be trusted to provide information or to keep hackers out of their systems. The tactics mirror those used in other Russian disinformation campaigns, which have focused on fomenting cultural divisions and conflict.

“It can lead to uncertainty, confusion and mistrust,” said Ben Read, director of cybersecurity firm Mandiant. “It doesn’t need to withstand close reading to have any effect on the population; it erodes trust in all messages.”

Facebook traced a hacking campaign, targeting military officers, to state-sponsored hackers in Belarus. Other cyberattacks, including those against the media and telecommunications networks, have yet to be attributed to specific state actors.

But Ukrainian officials suspect that Russia is behind the hacking and disinformation.

“Of course they are behind these attacks,” said Victor Zhora, deputy head of Ukraine’s cybersecurity agency, the State Service for Special Communications and Information Protection.

“This is the first time in history that we are facing a conventional war and a cyber war at the same time,” Zhora said. “It completely changes our picture of what is happening in Ukraine.”

Attempts to spread disinformation about Ukraine’s surrender began days after Russia’s invasion began. Hackers broke into the Facebook accounts of high-profile Ukrainian military and political leaders and then used their access to post fake messages announcing a surrender. They accompanied some of the posts with videos of soldiers waving a white flag, falsely claiming that the images showed Ukrainian soldiers.

Meta, the parent company of Facebook, said it quickly detected the attack and, in some cases, was able to prevent hackers from posting fake messages from compromised accounts. The hackers were affiliated with a group security researchers call Ghostwriter, Meta said, which has been linked to Belarus.

Ghostwriter frequently targets public figures in Europe, security researchers said, often using compromised social media and email accounts to send messages intended to undermine support for NATO. Since the war in Ukraine began, the group has focused its efforts there, according to investigators.

“They are aligned with Russian goals,” Read said of Ghostwriter.

In mid-March, Ukrainian officials detected another hacking campaign attempting to spread false information about a surrender. According to the Security Service of Ukraine, the country’s law enforcement and intelligence agency, a hacker installed a relay system to help route calls for the Russian military. The system was also used to send text messages to Ukrainian security forces and officials, urging them to surrender and support Russia, the law enforcement agency said.

The Ukrainian Security Service said it had arrested the person responsible for the messages, who it said had made thousands of calls every day on behalf of the Russian military.

Another, more visible attempt to spread disinformation about a surrender soon followed. On March 16, a “fake” video of Mr. Zelensky appeared on social media calling on Ukrainians to lay down their arms and surrender to Russia.

The hackers targeted TV stations and media outlets in Ukraine to spread the digitally manipulated video, broadcasting it on Ukraine 24, a TV station operated by Media Group Ukraine, and posting it on the outlet’s YouTube channel.

Media Group Ukraine said it believed Russian hackers were responsible. “Our systems have been under constant attack for more than two weeks, before being hacked,” said Olha Nosyk, a spokesperson for the company. “We have reinforced the protection and applied the necessary technical means to prevent this type of incident from repeating itself.”

Deepfakes like the one of Mr. Zelensky use artificial intelligence to create seemingly realistic images of people doing and saying things they didn’t actually say or do. Researchers have warned that the technology could be exploited during elections and other high-profile political moments to spread lies about prominent politicians.

Oleksiy Makukhin, an expert who has worked on fighting disinformation in Ukraine, said he first saw the digitally manipulated video of Zelensky circulating on the Telegram messaging app. But many of the posts about the video highlighted the fact that it was fake and mocked it for being poorly done, Makukhin said.

“I can hardly think of a single person in Ukraine who believed in that,” he said. “People in Ukraine are already quite informed about disinformation, which Russia distributes all the time.”

Still, Mr. Zelensky took to his official Telegram channel to deny the video’s claims. “We are defending our land, our children, our families,” he said. “So we don’t plan to lay down our arms until our victory.”

On Friday, Ukraine’s Security Service said it had uncovered another text message campaign that had sent more than 5,000 messages about the surrender using a Russia-linked bot farm. “The outcome of events is predetermined!” the text messages said, according to the agency. “Be careful and refuse to support nationalism and the country’s leaders who discredited themselves and have already fled the capital!!!”

Makukhin said he believed the disinformation was an effort to scare civilians, comparing it to the bombing of neighborhoods.

“I think the only reason for this is to terrorize the population, put pressure on and eventually deal with this pressure to make our government give up,” he said. “There is still a general consensus in society that we cannot give up. Otherwise, all this pain and death would be in vain.”
