A group of pro-democracy hackers calling themselves “Cyber Partisans” said Monday they had infiltrated the Belarusian rail network in an effort to “disrupt” the movement of Russian troops into the country as tensions over a potential renewed invasion of Ukraine grow.
The “hacktivists,” who announced the cyberattack in posts on Twitter and Telegram, said that they had encrypted some of the railroad’s “servers, databases and workstations” because it facilitates the movement of “occupying troops to enter our land.” The group said it would return the network to “normal mode” if 50 political prisoners in need of medical care were released and Russian military personnel were barred from Belarus.
The Belarusian Defense Ministry said Monday that Russian troops were already arriving in the Kremlin-aligned country, which borders Ukraine and Russia, ahead of a February training operation. That exercise has raised fears in the West that it would place Russian troops and equipment along Ukraine’s northern border, near the capital, Kyiv, further encircling the country.
As of early Tuesday, customers were not able to use parts of the Belarusian Railway website for booking tickets. An error message said the site “is temporarily unavailable, come back later.” Cyber Partisans said it did not intend to affect passenger service and was working to fix the problem, the Associated Press reported. A spokesperson for the group, which said it did not target security and automation systems so as to avoid creating an emergency, did not immediately respond to a request for comment.
The Belarusian Foreign Ministry did not immediately return a request for comment. Franak Viacorka, an adviser to the exiled Belarusian opposition leader Svetlana Tikhanovskaya, told Bloomberg News that the hack was a “massive action” that “could paralyze the railroad infrastructure.”
Cybersecurity experts said the hackers could keep their grip over the rail network indefinitely if Minsk did not maintain backup servers.
“Critical infrastructure, in Belarus and around the world, represents something of a soft target for ransomware attacks,” said Andrew Reddie, a professor at the University of California at Berkeley’s School of Information. But he added that it was still too early for cybersecurity researchers to “definitively” confirm the attack.
Zachary Peterson, a computer science professor at Cal Poly at San Luis Obispo, said railway networks, like other critical infrastructure, “are often legacy systems, built long before [cyber]security was a serious consideration.”
“It was a natural step,” Peterson said, “for a hacktivist group to repurpose an attack . . . created for financial extortion to a tool for political purposes.”
Through a previous series of hacks over the past two years, Cyber Partisans, a set of self-taught hacktivists, gathered records that included tapped phone calls and internal documents that exposed government efforts in Belarus to crush dissent. The effort was among the most organized and sweeping hacks by opposition activists against a government, analysts said at the time.
The group was “fairly well known and tied to pro-democracy protests” over the past couple of years in Belarus, Reddie said, noting that the use of ransomware to “coerce a government actor rather than pursue financial gain . . . is fairly unique.”
Minsk did not comment on the cyberattacks last year, but no Belarusian official has publicly challenged the authenticity of Cyber Partisans’ posts. At least one top Belarusian security official has acknowledged that opposition groups have waged hacking efforts.
The conflict over Ukraine intensified Monday as NATO said it would move more military equipment into Eastern Europe and the Biden administration put 8,500 troops on alert for possible deployment to the region.
The United States has ordered families of diplomats to evacuate Kyiv, and the State Department has encouraged American citizens to leave Ukraine. Britain has also asked some diplomats and their families to leave.