Belarusian hacktivists’ cyberattack on railway system to disrupt movement of Russian troops

Belarusian hacktivists’ cyberattack on railway system to disrupt movement of Russian troops
Major routes of Belarus Railways. / wiki
By Dominic Culverwell in Berlin January 25, 2022

The Belarusian Cyber-Partisans have targeted the state-owned Belarusian Railway, encrypting servers, databases and workstations in response to the presence of Russian troops in the country, the hacktivists announced via Twitter on January 24. 

The group, who strongly oppose the Aleksander Lukashenko regime, wrote on Telegram and Twitter: “We have encryption keys and are willing to get BelZD systems back up and running under certain conditions. Our conditions are: The release of 50 political prisoners most in need of medical care. Preventing the presence of Russian troops on the territory of Belarus.”

They emphasised that automation and security systems are not affected in order to avoid emergency situations. 



Russian troops and artillery were spotted travelling via trains through Belarus earlier this month, in the midst of heightened tensions with neighbouring Ukraine. Russia and Belarus claim the movement is part of an alleged training exercise between the two countries. However, as bne IntelliNews reported, opposition figures are outspoken against the presence of the Russian military.

As of yet, Belarusian Railways has not confirmed the attack. However, a message on its website states: “For technical reasons, services for issuing electronic travel documents are temporarily unavailable”, tech-website BleepingComputer reported on January 24.

Currently, the railway is attempting to “restore the performance of the systems”. 

Belarusian Cyber-Partisans uploaded screenshots of the domain controller, the destruction of dozens of terabytes of backup server, and images showing that employees frequently used pirated software, which the group hinted was how they managed to hack the railway company.



A spokesperson for the group, Yuliana Shemetovets, said that it is too early to gauge the impact of the cyberattack but confirmed rail freight is affected, which the group believes will disrupt the movement of Russian troops, according to Reuters.

In an interview, Franak Viačorka, a journalist and senior advisor to opposition leader Svetlana Tikanovskaya, said the attack “could paralyse the railroad infrastructure, which has been used in the last week for transporting Russian military vehicles and soldiers to Belarus territory,” reported Bloomberg News.


Who are the Belarusian Cyber-Partisans?

The group formed during the major anti-Lukashenko protests in summer 2020. They are part of the Belarusian Resistance alliance- Suprative. According to their manifesto, the alliance's goals are: 

  • Preservation of the independence, sovereignty and territorial integrity of Belarus;
  • Overthrow of the Lukashenko regime;
  • Stabilisation of Belarus during the transition period, return to democratic principles of governance and rule of law;

The group claims to have participated in projects with the investigative team Bellingcat and the Organised Crime and Corruption Reporting Project. They have released information identifying special forces and police informants working with Lukashenko’s regime as well as corrupt government officials.


This latest hack is part of their ‘Peklo’ operation, Russian for 'inferno' or 'scorching heat', launched in November 2021 and dubbed "the largest sabotage cyberattacks in the history of Belarus”, against Lukashenko’s regime. The hacktivists have executed several major cyberattacks against the government and state-owned companies since the launch of the operation, including encrypting the servers and computers of Belaruskali, one of the country’s biggest state-owned companies, in response to “terrible work conditions and safety violations”.