Eastern Europe Cyber Warriors Take on the Authoritarian Regimes

Opinion & Commentary
May 12, 2025

The work done behind the scenes on the cyber front often goes unrecognized. Yet in reality, both the IT Army of Ukraine and the Belarusian Cyber Partisans are working harder than ever to help defeat the authoritarian regimes in Minsk and Moscow.

Belarus’s Cyber Partisans, a hacktivist collective aiming to topple the country’s autocratic regime, have also become an invaluable ally to Ukraine, aiding its fight against Russian aggression while pursuing change at home.

The Belarusian dictator Aliaksandr Lukashenka has admitted his deepening fears of cyberattacks, telling ministers he is now “more scared of cyber weapons than nuclear weapons.” In a striking order, he warned officials that if they could not secure their computer systems, they should “go back to using paper.”

His concerns are not unfounded. The Cyber Partisans, an underground collective of Belarusian hackers, first emerged from the 2020 mass protests against Lukashenka’s regime. Despite numbering only a few dozen members, they operate with strict secrecy to protect their identities and the safety of relatives still living in Belarus.

“Unfortunately, our most significant and successful hacks cannot be disclosed publicly. For security reasons, we must protect our ongoing access to enemy networks,” said Yuliana Shemetovets, spokeswoman for the Cyber Partisans.

Only a core group has access to the Partisans’ internal database and the authority to review hacked information. New members undergo a rigorous vetting process designed to filter out infiltrators from Belarusian or Russian intelligence services.

In January 2022, just weeks before Russia’s full-scale invasion, the Cyber Partisans hacked Belarusian Railways in an effort to disrupt Russian troop movements to Ukraine’s border, which were being disguised as “joint drills.” The attack forced the railway to revert to paper-based operations. Their efforts continued into the early days of the war, impacting Russian offensive efforts around Kyiv.

Shemetovets added, “Another major operation targeted Grodno Azot, Belarus’s largest state-run fertilizer manufacturer. This attack disrupted the enterprise’s energy generation facility, and we gained access to internal cameras, documentation and emails.” She further highlighted that the Cyber Partisans “also infiltrated heating facilities that were not even connected to the internet. This complex operation was part of our efforts to pressure the regime into releasing political prisoners.”

“We know that we are one of the top organizations the regime is actively working to counter and undermine. We take this very seriously,” said Shemetovets. The group also provides assistance to “the Belarusian diaspora and various organizations, helping with identity verification, security guidance, and advice on digital best practices.” The partisans also provide technical assistance to the Kastuś Kalinoŭski Regiment, a Belarusian volunteer unit currently fighting alongside Ukrainian forces.

Cybersecurity experts have taken note of the group’s sophistication. According to Vasileios Karagiannopoulos, Associate Professor of Cybercrime and Cybersecurity at the University of Portsmouth, “the Cyber Partisans seem to have a well thought-out organisational structure with different expertise and strong collaborative networks in the wider activist arena in the country.”

“They manage their media presence well through their spokesperson, which is very important for making their claims and activities more widely known and acknowledged,” he said. “And they seem to have very diverse tactical choices in order to maximize their efficiency, but also perhaps adopting some important ethical guidelines of more traditional early hacktivist groups.”

“They tend to be a more concrete collective that is nation-focused, but this has not stopped them from engaging in activities that are indirectly related to their national goals.”

The two groups employ different tactics, with the Ukrainian side often coming out with its digital guns blazing. Ukraine’s IT Army specializes in large-scale DDoS attacks designed to disrupt operations and cripple networks, causing widespread disruptions across Russia.

In one of their latest attacks against Russian telecom infrastructure, their Telegram channel posted: “A wave of attacks on RU’s backbone telecoms crippled internet in Irkutsk region. Raketa, DreamNet, Baikal Teleport — all publicly confirmed DDoS hits, broken service, and a flood of user complaints. Mobile data, IPTV, VoIP — gone. ‘We’ve had no internet for 3 days,’ one user wrote.”

While the IT Army of Ukraine no longer garners the same level of international media attention as it did in its early days, it remains a potent force. According to cybersecurity expert Pascal Geenens, the IT Army continues to operate a dynamic online DDoS leaderboard, where top contributors run infrastructures of nearly 350 hosts using automation tools provided by the group.

Their Telegram channel regularly posts updates, highlighting not only DDoS attacks but also breaches and intrusions. Geenens describes the IT Army as an unofficial extension of Ukraine’s defense forces, assisting ground troops with intelligence from cyber breaches and using DDoS attacks as effective smokescreens to keep Russian defense systems and institutions under constant pressure. Although international participation has declined compared to 2022 and early 2023, the core contributors, who made the most impact even in the early stages, remain active and committed.

One reason for the IT Army’s sustained strength is its low barrier to entry. Geenens notes that the group has enhanced existing DDoS tools and packaged them for easy installation, with detailed documentation and ongoing support through Telegram. This accessibility has democratized participation in cyber operations, allowing a broader segment of the public to contribute to Ukraine’s digital defense.

Russia’s Permanent Representative to the United Nations, Vasily Nebenzya, even accused the IT Army of Ukraine of waging a coordinated disinformation campaign against Russia. Russian cybersecurity firm F6 identified the IT Army of Ukraine as the most active hacking group targeting Russian digital infrastructure, reporting a surge of at least 50% in DDoS attacks in 2024.

“If I had to sum up 2024 in one word, it would be focus. We moved away from broad attacks and started hitting high-value targets with a much bigger impact. The numbers tell the story: we focused on 79 key IPs, and the estimated economic losses we inflicted were nearly 10 times greater than in 2023–around $1.2 billion at our lowest estimate,” said Ted, spokesperson for the IT Army.

“We’re sticking to our refined approach, high-impact targets over mass disruption,” he continued. “Instead of taking down random websites for a few hours, we aim to keep valuable assets offline for days. Just in January, we had two IPs that stayed down for five days, which is a major improvement over past operations.”

Ted pointed out that “our ties with intelligence services have strengthened, and that naturally brings us closer to battlefield needs. The more our efforts can align with Ukraine’s broader strategy, the better.”

“We’re also looking beyond Ukraine’s immediate needs and thinking about the bigger picture. This year, we want to document and systematize everything we’ve learned, creating a playbook for cyber guerilla operations. The idea is simple: if a country ever finds itself in a situation like Ukraine’s, they won’t have to start from scratch.”

He concluded, “We’re calling on NATO and allied governments—this is your chance to learn from our experience and be ready to launch IT Army-style cyber resistance if needed.”

David Kirichenko
Columnist