Hacking group claims control of Belarusian railroads

Incident Date : 2022 | Topic : Cyber | Region : Europe | Tag : Case Study

On January 24, 2022, a group of pro-democracy hackers calling themselves ‘Cyber Partisans’ claimed to have infiltrated the Belarusian rail network, the country’s national rail system, in an effort to disrupt the movement of Russian troops into the country amid tensions over a renewed invasion of Ukraine.

The hackers reportedly encrypted, with malware, the internal databases and workstations that the Belarusian railways use to control traffic, customs and stations, which could result in delays to commercial and non-commercial trains. The group released screenshots that appear to show their access to the railway’s backend systems.

In exchange for relinquishing control over the railway’s computer systems, the Cyber Partisans are demanding that Belarus cease serving as a staging ground for the build-up of Russian troops and military weaponry, and that 50 political prisoners currently held in Belarusian jails who require medical assistance be released.

According to reports, the ransomware used by the hackers was purpose-built but based on common practice. A spokesperson for Cyber Partisans stated that while the hackers permanently deleted some backup systems, others were merely encrypted and could be decrypted if the hackers provide the key. Using reversible encryption rather than wiping the targeted machines would represent a new evolution in hacktivist tactics, as it is the first time non-state actors have developed ransomware purely to achieve political objectives.

The Cyber Partisans were quick to state that they had not yet targeted security or automation systems, nor taken steps to paralyze trains by downing the signaling and emergency control systems. However, they maintain that they have the capability to do so, should they choose to.

Cybersecurity experts have reported that, if the backup servers were not properly maintained, the hackers could maintain control over the rail network indefinitely.

The Cyber Partisans, a group of about 25 anonymous IT experts and activists, have become well known in Belarus over the past two years and have been linked to a series of hacks against the government. These include a raid on the Belarus Ministry of Interior Affairs that gave them access to data on thousands of police officers who were otherwise seeking to hide their identities during a crackdown on civil protests, as well as passport databases, files belonging to Belarusian KGB spies and security officials, police databases of informants and prison CCTV networks.

The extent to which the hack damaged railway operations, and whether the group succeeded in achieving its goals, remains unclear.

  • This attack demonstrates that cyberattacks can be used to achieve interstate political objectives. We must be wary of this modus operandi spreading to other groups as a means of political coercion.
  • This attack serves as an example of how the cyber domain is an increasingly attractive arena for attacks with political, commercial or other motivations. It furthermore demonstrates how a capable adversary can anonymously attack a facility as part of cyber warfare. We know that cyber warfare can often include targeting civilian sites, with a potentially large-scale impact.
  • An adversary may be capable of carrying out attacks against targeted systems with varying degrees of aggression. In this case, rail services were impacted, though we do not yet know the full extent of the damage or whether the movement of Russian troops and weaponry was delayed in any way.