Security Experts:

Connect with us

Hi, what are you looking for?



Army of Cyber Hackers Rise Up to Back Ukraine

An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.

An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.

According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.

The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.

It’s difficult to judge the effect the cyber-army is having.

Russia vs. Ukraine Cyberwar

The actions reported so far seem to be limited to “denial of service” (DOS) attacks, where multiple requests are sent to a website in a coordinated manner to saturate it and bring it down. Defacement actions, in which the targeted site displays a hacked page, have also been briefly observed on Russian sites.

The “cyber-army” could also ask hackers to try to identify vulnerabilities of certain Russian sites, and send that info to more seasoned specialists capable of carrying out more sophisticated intrusive actions, such as data theft or destruction, explains Clement Domingo, co-founder of the “Hackers Without Borders” group.

But he and other specialists consulted by AFP warned the hackers against participating in the activities of the “IT Army”, or other cyber mavericks like Anonymous.

‘Too much risk’

“I strongly advise against joining these actions,” says Damien Bancal, who is well-versed in the opaque world of cybercrime. “There are plenty of other ways to help Ukrainians who are suffering”, if only by relaying the testimonies that are flourishing on social networks, he adds.

[ Read: Russia, Ukraine and the Danger of a Global Cyberwar ]

For SwitHak, a cybersecurity researcher, the maverick hackers are taking “too much risk”.

“There are legal risks, for example,” he said, Attempting to attack a website or penetrate a server or network is “computer crime”.

For Domingo there is also a real risk of “hack back,” a destructive counterattack by Russian operatives.

He is particularly appalled to see that a number of candidate hackers have obviously not taken the trouble to create a special Telegram account to participate in the IT Army, at the risk of being identified by the Russian side.

In cyberspace, and in particular on forums and other discussion groups on Telegram or Discord, “you don’t know who’s who”, insists Felix Aime, another researcher at Sekoia.

Inexperienced hackers can find themselves caught up with infiltrators from the opposite camp, and end up working for the very opponent they wanted to fight, he warns.

Between the experienced hackers, who carry out ransomware attacks, the fight is on.

The Conti ransomware group, which declared its support for Russia, saw one of its pro-Ukrainian members publish more than a year’s worth of its internal communications in retaliation, offering a treasure trove of information to the world’s cyber security researchers, police and spy specialists.

The forums where cybercriminals meet “try to stay away from any debate” on the Russian-Ukrainian war to avoid attracting the attention of state services, says Sekoia analyst Tibirna.

RelatedUkraine: Worm-Spreading Data-Wiper With Ransomware Smokescreen

Related: Russia vs Ukraine – The War in Cyberspace

Related: Microsoft: Cyberattacks in Ukraine Hitting Civilian Digital Targets

Related: CISA, FBI Issue Warnings on WhisperGate, HermeticWiper Attacks

Related: Microsoft, Symantec Share Notes on Russian Hacks Hitting Ukraine

Related: Ransomware Used as Decoy in Destructive Ukraine Cyberattacks

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.