Abstract: The growing integration of wind farms (WFs), particularly variable speed wind turbines (WTs), creates several operational challenges for power grids integrated with WFs, such as low grid inertia and the reduced performance of measurement-based fast frequency response. To deal with such challenges, grid operators use WF active power controllers (WFAPCs) to enhance frequency control support from WTs and improve the frequency stability of the grid. However, the operation of a WFAPC relies on measurements received through the communication networks and cyber layers of WFs, which makes it prone to cyber threats, e.g., false data injection (FDI). On this basis, this paper first analyzes the cybersecurity vulnerabilities of WFAPCs and the possible impacts of exploiting them on the frequency response of the WF and the frequency stability of the grid. Then, based on the knowledge of intruders, two attacks, i.e., white-box and black-box FDI attacks, are developed against WFAPCs. Afterward, to detect these attacks, a novel bi-level detection and mitigation technique is developed, based on a support vector machine (SVM)-based technique and a long short-term memory (LSTM)-based technique, which are implemented at the control center of the WF (primary detector) and at the dispatch center of the power grid (secondary detector), respectively. These detectors classify real-time measurements into attack and normal operation. Additionally, a hierarchical mitigation technique is proposed to counter the developed cyber attacks by replacing the active power reference signal of the WF with new values obtained based on droop control theory. The impacts of the attacks and the effectiveness of the proposed bi-level technique are evaluated using the modified 39-bus benchmark.