Saturday, July 13, 2024

Hacktivists Claim Ransomware Strike on Belarus Railway Intended to Disrupt Russian Forces

As the political crisis in Ukraine deepens, warfare is evolving with the times. Hacktivism is not dead, although it hasn’t been in the news quite as much as financially driven ransomware incidents these past few years.

In an apparent bid to stop a Russian arms build-up near the Ukrainian border, a “pro-democracy” hacktivist group claims to have hacked the Belarusian railway system—allegedly one of the conduits for tanks and weaponry into the region. The incident comes as Russian and NATO-allied forces continue to spar over the political future of Ukraine, heightening the risk of war.

Belarus, which sits to the north of Ukraine, is considered a key Kremlin ally in the ongoing conflict and has seen an accumulation of Russian soldiers and weaponry as the two nations prepare for upcoming joint military exercises. U.S. commentators have accused Russia of using Belarus and the exercises as an excuse to “encircle” Ukraine militarily.

In a post to its Telegram page on Monday, the hacktivist group known as Cyber Partisans claimed to have struck the nation’s railway system—apparently spiking it with ransomware as a way to deter further transfers of arms. The hackers also published images of what they said were files compromised in the attack, and demanded the release of numerous “political prisoners,” which they said had been illegitimately incarcerated by the government.

“The government continues to suppress the free will of Belarusians, imprison innocent people, they continue to unlawfully keep… thousands of political prisoners,” the hackers told Ars Technica. They also decried the government for allowing “occupying troops” into their land—ostensibly a reference to Russia.

Recommended:  The CIA Has Secretly Run a ‘Bulk Collection’ Program Affecting Americans

Partisans, which calls itself “pro-democracy,” is reputed to be comprised of disaffected Belarusian security personnel and has previously been tied to alleged hack-and-leak operations targeted at the government of President Alexander Lukashenko—the country’s current leader.

One of the first to spot the apparent railway hack was Franak Viačorka, a journalist and political advisor to Belarusian opposition leader and “pro-democracy activist” Sviatlana Tsikhanouskaya.

Twt Franak Viačorka

Viacorka, who has also worked with the Atlantic Council and is a media analyst for the US Agency for Global Media, told Gizmodo that he had learned about the cyberattack directly from “railroad workers.” Viacorka called the “scale” of the attack “huge,” and said that he expects there to be an “official statement” soon on the incident, as “some railroad services don’t work.”

While there doesn’t appear to be any official acknowledgment of the attack by the Belarusian government, a railway notification to travelers on Monday announced that certain “technical” difficulties were causing problems for electronic service delivery:

“For technical reasons, reference web-resources of the Belarusian Railways and services for issuing electronic travel documents are temporarily unavailable,” the railway announced. “To arrange travel and return electronic travel documents, please contact the ticket office.”

While this alone doesn’t confirm the hacktivists’ claims, it certainly sounds like one of the classic side-effects of a ransomware attack.

Recommended:  What Is Privilege Escalation Attack? How To Prevent It?

The ongoing standoff in Ukraine between Russian and pro-NATO forces has gotten to the point where, some say, political squabbles risk devolving into armed confrontation. The buildup of 100,000 Russian troops at Ukraine’s border has heightened tensions and led American officials to accuse Putin of wanting to invade the neighboring country.

More relevantly, multiple cyberattacks have targeted Ukraine over the past two weeks—a fact that has added to the growing conflict. This includes a Jan. 14 defacement attack on nearly 80 Ukrainian government websites, which was blamed on hackers connected to Belarusian intelligence. This makes the timing of the railway incident—a little over a week later—somewhat interesting.

On their Telegram page Monday, Cyber Partisans wrote that they had hacked the railway system to defy Belarusian President Lukashenko, who they dubbed a “terrorist”:

BelZhD at the command of the terrorist Lukashenko these days allows the occupying troops to enter our land. As part of the “Peklo” cyber campaign, we encrypted the bulk of the servers, databases and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed.

The hackers claimed that “automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations.”

You may also enjoy reading, Assange Wins First Stage in Effort to Appeal US Extradition


Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Recommended:  U.S. Cybersecurity Agency, CISA, Publishes List of Free Security Tools and Services
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates