Hackers’ fake claims of Ukrainian surrender aren’t fooling anyone. So what’s their goal?
Andriy Taranov, a board member at the Ukrainian public broadcasting company Suspilne, was sitting in his office last month when he noticed a strange message running across the bottom of the television screen. It said Volodymyr Zelenskyy, the president of Ukraine, had announced a surrender.
Taranov was stunned because there had been no chatter about a surrender among reporters covering Russia’s invasion of the country. “There’s nothing like that in any journal circle,” he remembered thinking. “It looks absolutely contradictory.”
The message was fake, he quickly realized. It had been planted on the chyron of Media Group Ukraine’s live broadcast hackers.
Since Russia’s invasion began in late February, hackers have repeatedly broken into the social media accounts and broadcasting systems of trusted information sources in Ukraine, like government officials and prominent media outlets. They used their access to spread false messages that Ukraine was surrendering, sometimes using fake videos to bolster their claims.
And while there is no evidence that the misinformation campaign has had any discernible effect on the conflict, experts say the hackers’ intentions might not be to actually trick anyone. Instead, the hackers are most likely trying to erode confidence in Ukrainian institutions and show that the government and news media cannot be relied upon for information or to keep hackers out of their systems. The tactics mirror those used in other Russian disinformation campaigns, which have focused on fomenting divisions and cultural conflict.
“You can build uncertainty, confusion and drust,” said Ben Read, a director at the cybersecurity firm Mandiant. “It doesn’t need to stand up to a close reading to have some effect on the population; it erodes trust in all messages.”
Facebook traced one hacking campaign, which targeted military officials, to state-sponsored hackers in Belarus. Other cyberattacks, including those against media outlets and telecommunications networks, have not yet been attributed to specific state actors.
But Ukrainian officials suspect that Russia is behind the hacking and disinformation.
“Of course they are behind these attacks,” said Victor Zhora, deputy head of Ukraine’s cybersecurity agency, the State Service of Special Communications and Information Protection.
“This is the first time in hory we deal with a conventional war and a cyberwar at the same time,” Zhora said. “It completely changes our landscape for what is happening around Ukraine.”
The attempts to spread disinformation about a Ukrainian surrender started days after Russia’s invasion began. Hackers broke into the Facebook accounts of high-profile Ukrainian military leaders and politicians, then used their access to post false messages announcing a surrender. They accompanied some of the posts with videos of soldiers waving a white flag, falsely claiming that the footage depicted Ukrainian soldiers.
Meta, the parent company of Facebook, said it quickly detected the attack and in some cases was able to prevent the hackers from posting fake messages from the compromised accounts. The hackers were affiliated with a group that security researchers call Ghostwriter, Meta said, which has been linked to Belarus.
Ghostwriter frequently targets public figures in Europe, security researchers said, often using compromised social media and email accounts to push messages intended to chip away at support for NATO. Since the war in Ukraine began, the group has focused its efforts there, according to researchers.
“They’re aligned with Russian goals,” Read said of Ghostwriter.
In mid-March, Ukrainian officials detected another hacking campaign that tried to spread false information about a surrender. According to the Security Service of Ukraine, the country’s law enforcement and intelligence agency, a hacker set up a relay system to help route calls for the Russian military. The system was also used to send text messages to Ukrainian security forces and civil servants, urging them to surrender and to support Russia, the law enforcement agency said.
The Security Service of Ukraine said it had arrested the person responsible for the messages, whom it said had placed thousands of calls each day on behalf of the Russian military.
Another, more visible attempt to spread disinformation about a surrender soon followed. On March 16, a “deepfake” video of Zelenskyy asking Ukrainians to lay down their weapons and surrender to Russia emerged on social media.
Hackers targeted television stations and news outlets in Ukraine to spread the digitally manipulated video, broadcasting it on Ukraine 24, a television station operated Media Group Ukraine, and posting it to the outlet’s YouTube channel.
Media Group Ukraine said it believed Russian hackers were responsible. “Our systems have been under constant attack for over two weeks, before being hacked,” said Olha Nosyk, a spokesperson for the company. “We have strengthened the protection and applied the necessary technical means to prevent such incidents from recurring.”
Deepfakes like the one of Zelenskyy use artificial intelligence to create seemingly realic footage of people doing and saying things that they did not actually say or do. Researchers have warned that the technology could be exploited during elections and other high-profile political moments to spread lies about prominent politicians.
Oleksiy Makukhin, an expert who has worked on combating misinformation in Ukraine, said he first saw the digitally manipulated video of Zelenskyy circulating on the messaging app Telegram. But many of the messages about the video highlighted the fact that it was a fake and poked fun at it for being poorly made, Makukhin said.
“I hardly can think of any person in Ukraine who believed in it,” he said. “People in Ukraine are already rather educated about disinformation, which Russia is dributing all the time.”
Still, Zelenskyy took to his official channel on Telegram to deny the video’s claims. “We are defending our land, our children, our families,” he said. “So we don’t plan to lay down any arms until our victory.”
On Friday, the Security Service of Ukraine said it had discovered another text message campaign that had pushed over 5,000 messages about surrendering using a bot farm linked to Russia. “The outcome of events is predetermined!” the text messages said, according to the agency. “Be prudent and refuse to support nationalism and leaders of the country who discredited themselves and already fled the capital!!!”
Makukhin said he believed the disinformation was an effort to frighten civilians, comparing it to the shelling of neighborhoods.
“I think the only reason for it is to terrorize the population, to make pressure and eventually try with this pressure to make our government surrender,” he said. “There is still general consensus in society that we cannot surrender. Otherwise, all this pain and death were for nothing.”