Who are the ‘cyberpartisans’ targeting Russian military trains to Belarus?

A Belarusian hacking group claims to have disrupted Russian trains carrying tanks and military equipment to Belarus.

AP

A group of anonymous hackers claimed this week to have encrypted some of the servers and databases of Belarusian Railways, whose trains were carrying Russian troops and military equipment to Belarus amid rising tensions between Russia and Ukraine.

The group said they had disrupted the operations of the state-run company without affecting automation and security systems. 

According to reports, the Belarusian opposition group has encrypted or destroyed internal databases used by the company to control traffic, customs and stations. The hackers posted screenshots on Twitter and Telegram, purportedly showing they have gained access to the railway’s backend systems. The hackers demanded the release of 50 people detained during the anti-Lukashenko protests that erupted after the August 2020 presidential elections, and a commitment that the state-owned railway company will refrain from transporting Russian troops in preparation for a possible attack on Ukraine.

Russia has been building up troop numbers near the Ukrainian borders since last December, including in neighbouring Belarus. While the US has been sending arms shipments to Ukraine, some NATO countries have dispatched ships and fighter jets to eastern Europe and put troops on standby.

Little is known about the hacking group, whose members have fled the country and, alongside other opposition groups, have been designated as terrorists by the Belarusian government. The group has a spokesperson in the United States, and has claimed responsibility for at least a dozen hacks against the Belarusian government.

In their first known hack, the Cyberpartisans defaced the website of the Belarusian presidency, replacing the front page with the image of a silly-looking army general. The group went on to carry out similar symbolic attacks on other government websites, including tampering with the most-wanted list on the ministry of interior’s website, adding Lukashenko and the minister to it.

During large-scale protests in Belarus in 2020, the group was reported to have leaked the personal data of 1,000 police officers amid a crackdown on protesters, with the aim of exposing their identities. The leak was distributed through a popular channel on the messaging app Telegram.

They also targeted the website of the tax collection ministry, the chamber of commerce, and the online broadcast of two state TV channels whose programming was interrupted by videos about police brutality against protesters.

A year later, the group claimed to have gained access to more than five million wiretapped phone conversations saved on the servers of the interior ministry, including those of top officials.

It also claimed responsibility for sabotaging prison CCTV networks and police informant databases. The Belarusian government mostly refrained from commenting on the attacks, but the head of the country’s KGB security agency, Ivan Tertel, admitted on state TV there had been a “systematic collection of information,” which he blamed on “foreign special services.”
