A group of Belarusian hackers claim to have encrypted the servers, databases and workstations of Belarusian Railways with the aim of slowing down Russian troop movements as tensions continue to mount toward a potential Russian invasion of Ukraine.
The Belarus Cyber Partisans — a group of pro-democracy hacktivists who have been targeting the Russia-friendly Belarusian government with a series of hack-and-leak operations aimed to expose government corruption — tweeted mid-morning Monday U.S. time that they’d “encrypted some of BR’s servers, databases and workstations to disrupt operations.”
They demanded the release of 50 political prisoners they say are the most in need of medical attention want Russian troops to stay out of their country. Franak Viacorka, an adviser to a Belarusian human rights advocate, tweeted screenshots purporting to show access to the railway company’s servers. Additional screenshots of the data were posted by the Cyber Partisans’ Telegram account.
We have encryption keys, and we are ready to return Belarusian Railroad's systems to normal mode. Our conditions:
Release of the 50 political prisoners who are most in need of medical assistance.
Preventing the presence of Russian troops on the territory of #Belarus. https://t.co/QBf0vtcNbK
— Belarusian Cyber-Partisans (@cpartisans) January 24, 2022
The Belarus Cyber Partisans are a group of roughly 15 self taught “hacktivists” who’ve fled the country but claim to have help from disaffected members of the Belarusian security forces, The Washington Post reported in September 2021. The group has published detailed information on government officials’ corruption in the country with a particular emphasis on President Lukashenko, a key ally of Russian President Vladimir Putin.
Juan Andres Guerrero-Saade, principal threat researcher at cybersecurity firm SentinelOne, said it was too soon to confirm or speak about the technical particulars of this particular attack. But he noted that while skepticism is warranted with many contemporary “hacktivism” claims — which are often abused as fronts for state-sponsored operations or disinformation campaigns — the Belarus Cyber Partisans have so far “displayed consistent traits of authentic activism.”
“It’s fascinating to see ransomware being used to benefit the underdog in what’s ostensibly a revolutionary struggle,” he said. “That’s a nuance that we seldom deal with as we think primarily of targeted ransomware as an enterprise or financial concern.”
Belarusian Railways and the office of Belarusian President Alexander Lukashenko did not immediately respond to messages asking about the situation.
Belarus, which shares a border with Ukraine just 56 miles from the Ukrainian capital city of Kyiv, serves as a key corridor for Russian military deployment. Belarus may also be involved on the cyber front. A senior Ukrainian security official told Reuters Jan. 15 that the country’s intelligence was involved in the cyberattacks that hit the Ukrainian government Jan. 14 that included website defacement as well as limited numbers of computer systems wiped.
The post Belarusian hacktivist group attacks Belarusian Railways as military frictions mount appeared first on CyberScoop.