Belarusian Cyberpartisans is a group that uses cyberspace to fight Lukashenko's regime. Among other things, they attempt to hack state systems in order to disrupt them or leak sensitive data (e.g. revealing security officers). After the Russian invasion of Ukraine, the hacktivists also became a target of Russia to a greater extent.
February 24, 2022 is a day that will go down in the history of Europe and the world. On that day, Putin's forces attacked Ukraine, which led to bloodshed and destruction. Today, a year after those events, we talk to Yuliana Shemetovets, spokeswoman for the Belarusian Cyberpartisans, focusing on their involvement in the war and their support for Ukraine.
Szymon Palczewski, CyberDefence24.pl: You have publicly declared that you are fighting Russia by taking the side of Ukraine during this war. How many operations have the Belarusian Cyber-Partisans carried out against Russia?
Yuliana Shemetovets, a spokeswoman for the Belarusian Cyberpartisans: There were two main operations. The first one was what we believe is the most important operation so far. It's the attack on the Belarusian Railways. CPs attacked the Belarusian Railways three times since the Russian military troops came to Belarus. As a result of it, the movement of Russian military troops stopped completely during the crucial time when Russians were attacking Kyiv and the Kyiv area.
The second attack was on the General Radio Frequency Centre (GRFC) in Roskomnadzor, the main censor in Russia. GRFC is a crucial element in the Russian repressive machine. They monitor everything and everyone on the Internet, and once they see some disturbance, they send this information directly to the FSB, National Guard, the Federal Guard Service, etc., so these agents can be promptly sent to the region where a potential threat to the stability of the regime is growing. The regime is very successful in suppressing any alternative movements or even thoughts of disobedience (for example, they monitored how regions reacted to the news of mobilization). We wanted to create problems and instability for the regime and successfully disturbed the work of the GRFC. We want the Russian regime to pay more attention to their internal problems rather than external affairs.
What was the Belarusian Cyber-Partisans' main goal (in the last 12 months) from the perspective of the war in Ukraine?
We believe Belarus and Ukraine have the same enemy – the imperialistic Russian regime. Ukraine is now fighting not only for their independence and freedom but for ours as well. Our main goal stayed the same – to free Belarus. But, we understand without a free Ukraine, there is no chance for Belarus. We need to weaken the Russian regime so they can't support Lukashenko. That's why we joined our efforts with the Belarusian Regiment Kastus Kalinouski fighting in Ukraine. We help them with their security, as well as cyber operations that help them to fight in Ukraine and free Belarus in the future.
How did the Belarusian Cyber-Partisans get involved in the war against Putin?
From the moment the war started, we right away declared that we will be helping Ukraine. Even before the second phase of this war (the first one started in 2014), we were publicly saying that the Russian regime helped Lukashenko stay in power. That Putin's regime doesn't believe that Belarusian and Ukrainian nations exist, and for Belarusians, it's a crucial moment to decide what side they are on: European or Russian. And our answer is definite: we need to bring Belarus back to the European family.
What was your greatest success in the fight against Russia?
The attack on the Belarusian Railways, of course. We needed to do everything in our power to disrupt the logistics of Russian military troops so they can't successfully continue their attacks on Kyiv. We did everything possible to help Ukrainian defenders and those fighting on the side of Ukraine, including Belarusian volunteers.
What surprised you most about Russia's actions in cyberspace during the war?
We were surprised Russia didn't have much major success in the cyber domain. With the start of the war, "the gloves were off" and nothing really was stopping Russia from doing all they want in the cyber domain. But besides the hacking of Viasat, we didn't see major successful ops by Russia. It was unexpected. We thought there would be much more.
What else can we expect from Russia in cyberspace in the near future?
We really don't know what to expect. There wasn't enough activity from their end to judge by. Mostly DDoS attacks. We think we will see more ops from their end but nothing game-changing. We hope so.
Have you managed to gain new members who are willing to fight the Lukashenko and Putin regimes?
Yes, the group grew, though the verification process takes time, and many volunteers stay on hold.
You hacked into Roskomnadzor and leaked the data. How advanced was the operation? How did you manage to access Roskomnadzor's infrastructure and data?
We can't reveal the specifics of how the group hacked Roskomnadzor; we don't want to make the FSB's job easier. What we can say is that the group exploited several vulnerabilities of the GRFC system. Once inside the system, Cyber Partisans slowly progressed in the internal network of the GRFC, gradually moving from one workstation to another, then to file servers, domain controllers, employee tracking servers, workflow, emails, etc.
How long did this operation take?
This process took many months. There was not one particular vulnerability, as claimed by the GRFC; the group took advantage of dozens of different vulnerabilities that are generally well-known. Hacktivists in the group are not professional hackers; they just studied the GRFC network well, and they already have some experience in working in such networks.
The hacktivists stayed inside the system for many months before they were discovered. No one there paid much attention to cyber partisans while they kept an eye on all the staff and what they were doing. This was easy to do because of the FalconGaze employee tracking system that they hacked. For a certain time after the announcement of the hack, the group still had access to internal correspondence. They saw panic both among the management and administrators, as well as among ordinary employees whose data was leaked. Employees were afraid that the group would sell their data or make it public, which would harm them. From internal correspondence, cyber partisans realized that the employees were extremely outraged.
Have you managed to obtain evidence that the Lukashenko regime directly supports Putin in the war in Ukraine?
Nothing in particular. We haven't been actively looking for something like that since there's more than enough evidence publicly available already.
What is the risk that Belarus will enter the war?
It's very risky for Lukashenko and he knows that. Belarusian society is not the same as Russian. Belarusians don't support Lukashenko and haven't forgiven him. Yes, there are unprecedented repressions right now, but no one changed their mind regarding Lukashenko's regime. The Belarusian army is also not as professional as the Russian and we can see how much trouble the Russian army has. At the same time, we saw that Russians don't do logical things in this war, and we have to be ready for any scenario, including the potential attack from Belarus and the involvement of the Belarusian army.
Thank you so much.