Hacktivists Plot Attacks on Russia With Ukraine Government's Urging

Hackers are coming to Ukraine's aid in an effort to target Russian government websites and officials with disruptive counterattacks, according to six people involved in the activity.

On Ukrainian internet forums on Friday, groups of Ukrainians who worked in the country's technology sector shared information on how to launch distributed denial of service attacks, known as DDoS, and deploy malicious software targeted at Russian military officers and government officials. Some hackers from outside Ukraine have signed up to help too.

In interviews with Bloomberg News, several Ukrainians with computer expertise said they had joined a group of “cyber volunteers” who plan to use cyberattacks to fight back against the Russian military's invasion of the country.

The makeshift hacker organization was responding to a call from Ukraine's government, which on Thursday asked for their help protecting the country from Russian troops, according to several of the organizers. Reuters previously reported the government's request for cybersecurity assistance. 

Yegor Aushev, co-founder of Kyiv-based cybersecurity company Cyber Unit Technologies, is helping to organize the effort. He said in an interview with Bloomberg on Friday that so far about 500 people had come forward to participate with the cyber volunteers.

Aushev said people worldwide had volunteered to help the Ukrainian hacking operation, including a handful from Russia who were against their government's actions in Ukraine. “If presidents of other countries can't fight with Ukraine, people of other countries are ready to do it,” Aushev said. Bloomberg couldn't independently verify that Russians were participating in the volunteer hacking effort.

A representative for Ukraine's Ministry of Foreign Affairs and government cybersecurity officials didn't respond to requests for comment.

Tanya Lokot, an associate professor at Dublin City University who specializes in protest and digital rights issues in Eastern Europe, said that Ukraine had a strong community of activist hackers, sometimes called hacktivists, who came together in 2014, responding to Russia's invasion and annexation of Crimea.

“I think it's logical we are seeing a revival of those groups and other people joining in,” said Lokot.

DDoS attacks aimed at taking Russian government websites offline have so far been mostly symbolic, Lokot added, but the hackers could have impact if they are able to penetrate Russian government databases and publish the information.

“Russia is fortified in terms of attack and security, but no single resource or server or database is 100% watertight,” she said.

On social media forums, Ukrainian hackers shared lists of targets that included Russian military officials and the websites of the Kremlin, Russia's military and security council. Others circulated instructions for how to prepare Molotov cocktails in anticipation of Russian troops descending on their towns and cities.

Andrey Loginov, chief technology officer of Swiss secure communications company ARMA Instruments AG, said he has signed up to help the cyber volunteers. Loginov, a Ukrainian who lives in London, said he arrived in Kyiv for a business trip last week and can't leave due to the Russian invasion.

The volunteers are trying to create “some kind of cyberwar unit for Ukraine,” using a combination of government, and non-government resources, Loginov said. He said hackers involved with the group were focusing on analytical and offensive cyber work and planned to carry out “asymmetric actions” that would bring information about the conflict to people in Russia. 

“Russian citizens are victims of propaganda,” he said. “They are pretty isolated. We want to show them what is really happening.”

Another volunteer who has signed up for the hacking campaign, a 17-year-old student of computer sciences in western Ukraine, said he wanted to use his skills to contribute to the Ukraine's fight against Russia. The situation “depends on each of us,” the student said, and “we have to help in any way we can.” He asked to remain anonymous because of safety concerns.

The Ukrainians have received support from a group of Belarusian activist hackers known as the Cyber Partisans, who have waged campaigns against the pro-Russia government in their country. The group said it was joining the effort to hack Russian government assets and put out a call on social media on Thursday seeking help with what it said was the “fight against the fascist campaign to invade fraternal Ukraine.”

A spokesman for the Cyber Partisans said in a message to Bloomberg that the group was “currently targeting assets inside Belarus, including Russian occupying forces.” The spokesman declined to provide more details on the grounds that the attack was still ongoing.

Some hackers affiliated with the collective known as Anonymous declared their own “cyber war” on the Russian government and said that they had used DDoS attacks to take down the website of Russian state broadcaster RT. Their claim couldn't be independently verified. 

On Friday, RT reported that its website – as well as those of the Kremlin, the Duma, and Russia's Ministry of Defense – had been hit by cyberattacks, with some of the websites taken offline for “extended periods.” RT told the publication Motherboard that it was hit with massive DDoS attacks after a statement by Anonymous.

Russian hackers have vowed to hit back. A criminal ransomware gang known as Conti, which cybersecurity researchers believe operates from Russia, said in a statement posted on its website on Friday that it was lending its “full support” to the Russian government. “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,” it said.

Shlomo Kramer, a prominent Israeli cybersecurity veteran, said he was worried that hacking campaigns waged by competing groups in Ukraine and Russia could quickly spiral out of control.

“This may cause a spill over, that's the main concern,” said Kramer, who is chief executive officer of Cato Networks Ltd. and co-founder of Check Point Software Technologies Ltd. and Imperva Inc. “The fact this is not government associated – this can't be contained. It's a particularly dangerous element of this conflict.”