Application Security , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security

Update: Cyber Hacktivists Target Belarus for Supporting Russia

Belarusian Railways and Top Banks Among Those Targeted by Several Hacktivist Groups
Update: Cyber Hacktivists Target Belarus for Supporting Russia
Trains containing Russian military equipment (Source: Belarusian news outlet MotolkoHelp Twitter)

Belarus has renounced its nonnuclear status and is set to support moving the Kremlin's nuclear weapons into the country for the first time since it gave up nuclear weapons at the fall of the Soviet Union, according to a Reuters report. This has sparked a heavy backlash from several cyber hacktivist groups, who have now targeted and disrupted services of Belarus' railway and banking systems.

See Also: A Strategic Roadmap for Zero Trust Security Implementation

Attack on Railways

Belarusian Cyber-Partisans - or CP - a hacktivist group, in January 2022, successfully attacked the country's railroad and encrypted some of its servers, databases and workstations to disrupt the Russian military's movement in Belarus. At the time, the attack was contained, and the Belarusian government did not acknowledge it.

The group has now struck the same systems again, CP spokesperson Yuliana Shemetovets tells Information Security Media Group, adding that only "the tactic was slightly different and damaged the systems more."

On damages incurred, Shemetovets tells ISMG that "90% of the network routing and equipment was disabled, including all core devices. This caused the entire network to go offline. Most of the equipment is unrecoverable."

Shemetovets says she cannot disclose the medium or route of exploitation, as the group could not risk the railway employees understanding how the attack transpired. This raises speculation on whether the hacktivists still have access to the systems for further attacks.

The hacktivists claim that their attacks on the internal systems of the country's railroad have forced the services to be moved to "manual control mode." The attack was particularly targeted at the traffic control system called the "Neman dispatcher," which, according to CP, is now disabled. "The associated software does not work," it says. Although it is unconfirmed, CP says there have been reports that the Minsk and Orsha railroad hubs have been paralyzed because of this attack.

The motive behind this cyberattack, CP says, is slowing down the supply chain of the Russian army, which is transporting ammunition and additional troops to the front-line units.

The hacktivists say they are not targeting Belarusian citizens or trying to cause inconvenience to them. "It [the cyberattack] will not create emergency situations and not endanger ordinary citizens," the group says in a tweet.

On its Telegram channel, the group has published several other ways to delay railroad movement.

Sviatlana Tsikhanouskaya - the main opposition candidate in the Belarusian 2020 presidential elections - confirmed the attack on the railways internal system in a tweet in which she also acknowledged the protests going on in Belarus opposing President Alexander Lukashenko's decision to renounce the country's nonnuclear status.

CP's Shemetovets tells ISMG that "the ticketing systems are still down, and people can buy tickets only at the physical locations."

Anonymous Wages a War

The Anonymous group - an unknown number of hackers who describe themselves as hacktivists - on Saturday called upon hackers around the globe to target the Russians under the banner: "Hackers all around the world: target Russia in the name of #Anonymous. Let them know we do not forgive, we do not forget," the tweet says.

After this call, Anonymous tweeted that it had successfully pulled several Russian government websites offline and would continue targeting Russia and its ally Belarus if the military operations did not cease.

List of Russian websites taken offline by Anonymous group (Source: Twitter - @LatestAnonPress)

In a video released on its Twitter account, Anonymous also warned that the takedown of websites over the past several days was just a taste of things to come and that if Russian President Vladimir Putin and Russia did not stop their advances, they would face unprecedented cyberattacks from all corners of the world. "A few downed websites is only the beginning though. Soon you'll face the full wrath of world's hackers and many of whom will likely reside from your own country," the video says.

In a separate tweet, the group confirmed that it had taken down the websites of at least three Belarusian banks: Belarusbank, Priorbank and Belinvest bank.

Justifying its actions, the Anonymous group says, "To the people of Belarus, we have no quarrel with you, however, if you support Lukashenko or the Belarus Government then we cannot stand by and watch - We will take action!"

In a recent tweet, the Anonymous group confirmed taking down websites of the Ministry of Communications and Information of the Republic of Belarus, State Authority for Military Industry of the Republic of Belarus and the Belarus Military.

Dan Gonzales, a senior scientist at RAND Corp., tweeted that there are reports of Russian forces near Kyiv suffering fuel shortages, possibly because of cyberattacks against Belarus.

The Anonymous group had earlier tweeted about the attacks on the Belarusian railway, but CP's spokesperson tells ISMG that the organizations are not working together. The CP is, however, in touch with the Ukrainian cyber army, she adds.

Ukraine's Cyber Police Take the Offensive

According to recent reports, Ukraine is asking for digital volunteers to make up Ukraine's first line of defense against cyber activities targeted toward the country as well as offense actions if required (see: Ukraine Reportedly Calls for Volunteer Cyberwarriors).

Reuters said that organizers of the campaign have received hundreds of applications and are vetting them - particularly for potential Russian agents. It seems that the recruitment process has been completed because Ukrainian Cyber Police, on its Telegram channel, claims that along with its cyber volunteers, the cyber police have been aggressively carrying out massive cyberattacks against Russian and Belarusian web resources.

According to the Telegram post, the Ukrainian Cyber Police says that it has successfully blocked the following resources:

  • sberbank.ru
  • vsrf.ru
  • scrf.gov.ru
  • kremlin.ru
  • radiobelarus.by
  • rec.gov.by
  • sb.by
  • belarus.by
  • belta.by
  • tvr.by

Stefan Soesanto, senior cyber defense researcher at the Center for Security Studies in Zurich, says that the IT Army of Ukraine has published a list of Belarusian sites on its Telegram channel that it says it will soon target.

Update: March 1, 5.0am EST: This story has been updated to include exclusive comments from the Belarusian Cyber-Partisans spokesperson Yuliana Shemetovets.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.