In keeping with the hybrid nature of Russia’s invasion of Ukraine, several hacktivist groups and hackers have joined the fight in the embattled nation, including some hacktivists encouraged by the government of Ukraine itself. Although the hacktivists have been waging their version of cyber warfare mostly against Russian organizations, hacktivists sympathetic to Russia are also turning their weapons against Ukraine.
The following are notable hacktivist events that have occurred so far related to the Russian invasion of Ukraine.
- IT Army of Ukraine emerges: Developers in Ukraine are joining an “IT army,” the IT Army of Ukraine, which has assigned them specific challenges. Announced on February 26, the group already has nearly 200,000 users on its main Telegram channel that it uses to hand out assignments and coordinate operations. The group was ostensibly responsible for shutting down the API for Sberbank, one of Russia’s major banks and Kremlin-aligned Belarus’s official information policy site. It’s not clear if the Ukraine government is behind the IT Army of Ukraine, even though Ukrainian officials have endorsed the effort.
- Anonymous claims credit for website take-downs. Late last week, a Twitter account purporting to represent Anonymous wrote that “The #Anonymous collective has taken down the website of the #Russian propaganda station RT News.” The Russian state-run TV channel RT website said it was a victim of a hacker attack, which it attributed to Anonymous.
- Cyber Partisans of Belarus claim train hacks. Activist hackers in Belarus called the Cyber Partisans allegedly breached computers that control that country’s trains and brought some to a halt in the cities of Minsk and Orsha and the town of Osipovichi. The hackers purportedly compromised the railway system’s routing and switching devices and rendered them inoperable by encrypting data stored on them.
- AgainstTheWest targeted Russian interests. Another hacktivist group known as AgainstTheWest claims to have hacked a steady stream of Russian websites and corporations, including Russian Government contractor promen48.ru, Russian Railways, the State University Dubna, and the Joint Institute for Nuclear Research.
- The Anon Leaks says it messed with Putin’s yacht information. The Anon Leaks, a group purportedly an offshoot of Anonymous, said it changed the callsign of Russian President Vladimir Putin’s superyacht Graceful on MarineTraffic.com to FCKPTN. The hackers also found a way to alter the yacht’s tracking data, making it look as if it had crashed into Ukraine’s Snake Island and changing its destination to “hell.”
- Presumed hacktivists hacked Russian EV charging stations. Hackers, presumably activists, hacked electric vehicle charging stations along Russia’s M11 motorway to display anti-Russian messages. The hackers likely gained access through a Ukrainian parts supplier called AutoEnterprise.
- “Patriotic Russian hackers” helped hit Ukraine websites with DDoS attacks: Last week, some independent Russian hackers, so-called “patriotic Russian hackers,” or vigilantes who operate in a hacktivist-like mode, claim they helped bring down Ukrainian websites during the second round of DDoS attacks that hit the country.
- Russian media outlets hacked to display anti-Russian messages. The websites of several Russian media outlets were hacked to display anti-Russian messages, with some of the sites going offline. The sites affected were TASS rbc.ru, kommersant.ru, fontanka.ru, and iz.ru of the Izvestia outlet. Some Russian media sources say anonymous was the source of these hacks.
- Researcher leaked Conti gang’s messages: A Ukrainian security researcher leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang publicly sided with Russia over the invasion of Ukraine. (Conti backpedaled from its robust support of Russia after its Ukrainian affiliates objected). The leaked messages were taken by a Ukrainian security researcher who reportedly had access to Conti’s backend XMPP server from a log server for the Jabber communication system used by the ransomware gang.
Hacktivism isn’t necessarily a good idea
The main question surrounding the hacktivism accompanying Russia’s invasion of Ukraine is whether this kind of hacking is a healthy development in defense of Ukraine. “It’s worth noting that the situation is really quite unprecedented,” Brett Callow, threat analyst at Emsisoft, tells CSO. “I don’t recall anything like this having happened before. We obviously have multiple activist groups operating on behalf of both sides, as well as certain cybercrime groups taking sides, as well as intelligence services invariably doing the things they normally do.”
“Generally speaking, hacktivism isn’t necessarily a good idea,” Callow says. “It’s obviously illegal, and the consequences can be quite unforeseen. Sometimes a DDoS attack can affect more than the resource being targeted.” In the case of the IT Army of Ukraine, “The Ukrainian government may be concerned that they are not going to get as much help as they otherwise could on the cyber side of things and so are looking to take matters into their own hands by recruiting the army.”
Another argument against encouraging hacktivism is that hacktivists aren’t always truthful and can contribute to disinformation. Callow doubts, for example, that the claims by AgainstTheWest are true. “The claims seem unlikely to be true,” he says.
One of the most concerning risks is that activists will interfere with other planned strategic operations. “For example, if a Western intelligence agency has compromised, stealthily compromised, the network of a Russian company, that could all be blown out of the water if a Russian company finds itself having to remediate because of an attack by activists. The activists will be looking to cause short-term disruption. Whereas the intelligence agencies may have longer-term objectives included information gathering.”
All is fair in love and war
Chris Anthony, founder and CEO of TeamWorx Security, leans more favorably toward hacktivism in this circumstance. “We’re talking about an effort that’s rising up and challenging whoever the bad guys are. I think it’s an important part of who we are as humans,” Anthony tells CSO.
Back in the 1700s, “we used to circle the wagons and come to each other’s defense. I think hacktivism is the same thing, just in the 21st century. There’s an aggressor, and this is our country, and we’re not happy. We’re going to use whatever means available to us to show you that we can stand on our own two feet. We can fight back, and we can defend ourselves.”
Hacktivists can particularly help when the target faces such a lopsided fight, as in Ukraine. “Sometimes, this is a war of attrition,” Anthony says. “When you call upon every single mobile device and computer, assembled and united against the cause, it’s a pretty powerful thing. I think that’s an advantage to Ukraine.
Garret Grajek, CEO of YouAttest, also supports what the hacktivists are doing, saying, in essence, all is fair in love and war. “The powerful tool of unwelcomed site intrusion cuts both ways,” Grajek tells CSO. “Russians attacked Ukrainian and government sites immediately. Now hackers officially aligned with Ukraine, and hacktivist groups like Anonymous have begun hacking and attacking official Russian sites and affiliated news sites. It’s war, and it’s to be expected. The gloves came off when the tanks rolled in.”