A hacktivist group calling itself Belarusian Cyber-Partisans claims it hacked the Belarus railroad system because the railroad allows the “occupying troops” (referring to the Russian military) to enter the country.
A Belarusian hacktivist group known as The Belarusian Cyber-Partisans allegedly launched a ransomware attack against Belarus’s railway system to protest against the government of President Alexander Lukashenko and the surge in Russian troop movements across Belarus.
The hacktivist group took to Twitter to reveal details of the hack. The group claimed it encrypted the Belarusian Railways’ networks, which crippled the system and disrupted its ticket sales.
The hacktivists criticized the policies of Lukashenko, referring to him as a “terrorist,” and posted a list of demands to be met in exchange for the encryption keys that unlock the system. Here are excerpts from their post.
“At the command of the terrorist Lukashenko, #Belarusian Railway allows the occupying troops to enter our land. We encrypted some of BR’s servers, databases, and workstations to disrupt its operations. Automation and security systems were NOT affected to avoid emergency situations — We have encryption keys, and we are ready to return Belarusian Railroad’s systems to normal mode. Our conditions: Release of the 50 political prisoners who are most in need of medical assistance. Preventing the presence of Russian troops on the territory of #Belarus.”
The group claims that it was relatively easy to access the Belarus Railways’ network because of the many entry points it contained.
“This network has many entry points and is not well isolated from the Internet. Cyber partisans entered from one of these points and then opened many other entry points from within.”
Yuliana Shemetovets – Belarusian Cyber-Partisans.
Russian Troops the Real Target?
Yuliana Shemetovets revealed that the Cyber-Partisans’ objective was to disrupt the country’s railway system in order to “indirectly affect the Russian troops” that wanted to use Belarusian territory to attack Ukraine.
Juan Andrés Guerrero-Saade, principal threat researcher at security firm SentinelOne, didn’t confirm that the group launched a ransomware attack. However, he said that the images provided by the attackers confirm that they did gain privileged access to the country’s railway network.
Additional proof of the hack
Although Belarus Railroads has confirmed the attack at the time of publishing this article, the official website of the railroad system is back online and seems to be operating normally.
However, in a tweet earlier today, the hacktivist group responded to some of the media reports challenging its narrative. If you are interested in going through the proof of the hack tweeted by the group, follow this Twitter thread.