Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Hackers Claim to Have Infiltrated Belarus’ Main Security Service

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees.

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees of the organization, which still goes under its Soviet name.

The authorities have not commented on the claim, but the website of the Belarusian KGB was opening with an empty page on Friday that said it was “in the process of development”.

Seeking to back up its claim, the Belarusian Cyber-Partisans group published a list of the website’s administrators, its database and server logs on its page in the messaging app Telegram.

Group coordinator Yuliana Shametavets told The Associated Press from New York that the attack on the KGB “was a response” to the agency’s chief Ivan Tertel, who publicly accused the group this week of plotting attacks on the country’s critical infrastructure, including a nuclear power plant.

“The KGB is carrying out the largest political repressions in the history of the country and must answer for it,” said Shametavets. “We work to save the lives of Belarusians, and not to destroy them, like the repressive Belarusian special services do.”

Shametavets said the group was able to access the KGB’s network “several years ago” and has been trying to hack its website and database ever since. Once it succeeded, she said Cyber-Partisans was able to download personal files of more than 8,600 KGB employees.

Based on that data, Cyber-Partisans launched a chat bot on Telegram that would allow Belarusians to identify KGB operatives by uploading their photos.

“We want to show that in the digital world it is impossible to hide information, and the truth about political repressions will surface, and those who carried them out will be punished,” Shametavets said.

Advertisement. Scroll to continue reading.

Last week, Cyber-Partisans claimed infiltrating computers at the country’s largest fertilizer plant to pressure the government to release political prisoners. The state-run Grodno Azot plant has made no comment on the claim but its website has been unavailable since April 17.

Grodno Azot, with about 7,500 employees, is a key producer in the country, which relies heavily on chemical industries.

Belarus, a close ally of Russia, was rocked by mass protests after an election in 2020 that gave authoritarian President Alexander Lukashenko his sixth term in office — a vote that was denounced by the West and the opposition as fraudulent. Authorities responded by arresting more than 35,000 people and brutally beating thousands of them. Many top opposition figures were arrested and given long prison terms, while others fled abroad.

The country’s oldest and most prominent rights group Viasna says nearly 1,400 people are political prisoners in Belarus, including its founder and 2022 Nobel Peace Prize winner Ales Bialiatski.

Cyber-Partisans have carried out several large-scale attacks on Belarusian state media in the last four years, and in 2022 hacked Belarusian Railways three times, hijacking control over its traffic lights and control system and paralyzing transit of the Russian military equipment into Ukraine via Belarus.

“We’re telling the Belarusian authorities that if they don’t stop political repressions, it will get worse,” Shametavets said. “We will continue the attacks in order to inflict that maximum harm of the Lukashenko regime.”

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...