The hackers came from around the world. They knocked Russian and Ukrainian government websites offline, graffitied antiwar messages onto the homepages of Russian media outlets and leaked data from rival hacking operations. And they swarmed into chat rooms, awaiting new instructions and egging one another on.
The war in Ukraine has provoked an onslaught of cyberattacks by apparent volunteers unlike any that security researchers have seen in previous conflicts, creating widespread disruption, confusion and chaos that researchers fear could provoke more serious attacks by nation-state hackers, escalate the war on the ground or harm civilians.
“It is unprecedented,” said Matt Olney, director of threat intelligence at security firm Cisco Talos. “This is not going to be solely a conflict among nations. There are going to be participants that are not under the strict control of any government.”
The online battles have blurred the lines between state-backed hackers and patriotic amateurs, making it difficult for governments to understand who is attacking them and how to retaliate. But both Ukraine and Russia appear to have embraced tech-savvy volunteers, creating channels on chat app Telegram to direct them to target specific websites.
Hackers have inserted themselves in international conflicts before in places such as Palestine and Syria. But experts said those efforts have attracted fewer participants. The hundreds of hackers now racing to support their respective governments represent a drastic and unpredictable expansion of cyberwarfare.
The involvement of the volunteer hackers makes it more difficult to determine who is responsible for an online attack. Some of the hackers said they were Ukrainians living inside and outside the country. Some said they were citizens of other countries who were simply interested in the conflict. It was impossible in some circumstances to verify their identities.
Their attacks stand apart from the sophisticated incursions made by nation-state hackers in recent years. Although hackers affiliated with the Russian government have quietly infiltrated U.S. government agencies and Fortune 500 companies, these participants have loudly proclaimed their allegiances and used simpler methods to topple or deface websites.
And although their tactics appear to have been successful in some instances, security researchers cautioned that it was unrealistic to believe cyberattacks by volunteer hackers without specialized technical expertise would play a determinative role in the military campaign on the ground.
“The land invasion is advancing, people are suffering, buildings are being destroyed,” said Lukasz Olejnik, an independent cybersecurity researcher and a former cyberwarfare adviser for the International Committee of the Red Cross in Geneva. “Cyberattacks can’t realistically impact this.”
Ukraine has been more deliberate about recruiting a volunteer hacking force. In Telegram channels, participants cheer their collaboration with the government in going after targets such as Sberbank, the Russian state-owned bank. From Russia, where links between the government and hacking groups have long raised alarms among Western officials, there have not been the same kind of overt calls to action.
“We are creating an IT army,” Ukraine’s minister of digital transformation, Mykhailo Fedorov, tweeted Saturday, directing cybersecurity enthusiasts to a Telegram channel that contained instructions for knocking Russian websites offline. “There will be tasks for everyone.” By Friday, the Telegram channel had more than 285,000 subscribers.
Inside the main English-language Telegram page for the IT Army of Ukraine is a 14-page introductory document providing details about how people can participate, including what software to download to mask their whereabouts and identity. Every day, new targets are listed, including websites, telecommunications firms, banks and ATM processors.
Yegor Aushev, co-founder of Ukrainian cybersecurity company Cyber Unit Technologies, said he was flooded with notes after posting on social media a call for programmers to get involved. His company offered a $100,000 reward for those who identify flaws in the code of Russian cyber targets.
Aushev said more than 1,000 people were involved in his effort, working in close collaboration with the government. People were allowed to join only if somebody vouched for them. Organized into small groups, they were aiming to hit high-impact targets such as infrastructure and logistics systems important to the Russian military.
“It’s become an independent machine, a distributed international digital army,” Aushev said. “The biggest hacks against Russia will be soon,” he added, without elaborating.
A government spokesperson confirmed the work with Aushev.
Figuring out who is behind a cyberattack is always difficult. Groups falsely take credit or boast of a bigger impact than actually occurred. But this week, there were a string of attacks against Russian targets. The country’s largest stock exchange, a state-controlled bank and the Russian Foreign Ministry were taken offline for a time after being targeted by Ukraine’s volunteer hackers.
The worst fears of military analysts and cybersecurity experts — that Russia would use devastating cyberattacks to take down critical Ukrainian infrastructure like energy, government services and internet access — have not yet occurred.
Yet the involvement of nongovernment groups could escalate quickly and cause unintended consequences, experts warned. A malware attack against one target could quickly spill over and become uncontrollable, as it did during a 2017 attack on Ukrainian government and business computer systems. Or a government might mistake an amateur attack for a state-backed one and decide to retaliate.
In neighboring Belarus, a hacktivist group called Belarusian Cyber Partisans said it had targeted train services in Belarus that were carrying Russian military supplies toward Ukraine, although there was no independent verification of whether the work was successful.
After Russia began using Belarus as a staging area for the invasion, the group began working with Ukrainian activists, lending technical support and helping recruit new volunteers.
“This is war and you fight back,” said Yuliana Shemetovets, a U.S.-based spokesperson for the Cyber Partisans.