The Security Service of Ukraine (SSU) and the National Police have dismantled two bot farms operating in the Poltava and Zakarpattia regions, which were linked to Russian intelligence cyberoperations.

The law enforcement authorities identified and arrested IT specialists believed to be the bot farms operators. The suspect created and sold fake online accounts to Russian intelligence services, which then utilized to conduct disinformation campaigns under the guise of Ukrainian citizens. The false narratives disseminated through these accounts included misleading information about the socio-political situation in Ukraine and discrediting messages about the Ukrainian Defence Forces and the ongoing conflict at the front.

In Poltava region, law enforcement agencies have identified one local resident who created nearly 15,000 anonymous accounts across various social networks and messaging platforms. These accounts were being offered for sale on the Darknet at a rate of $1.5 per account.

The investigation revealed that one of the bot farms, equipped with Ukrainian SIM cards and specialized equipment, was located in the perpetrator’s apartment. The SSU also shut down a clandestine channel that facilitated the sale of unique IP addresses registered in the region to Russian buyers. These IP addresses allowed Russian operatives to masquerade as Ukrainian citizens online, furthering their disinformation efforts.

Financial transactions linked to these activities were traced back to Russian payment systems, with the organizers receiving payments in cryptocurrency.

Both individuals have been formally charged under Article 361.2 of the Criminal Code of Ukraine, which pertains to unauthorized interference with the operation of information systems, electronic communication systems, and networks, particularly when committed by a group. If convicted, the suspects could face up to five years in prison.