Chronicles of the Cyberwar
On February 24, hackers breached the website of the Russian Academy of Sciences’ Space Research Institute and published files they claimed were stolen from Roscosmos. The next day, a DDoS attack targeted the .ru top-level domain, effectively attempting to block access to all URLs ending in .ru. These are just the latest hacktivist actions in support of Ukraine.
The start of the military conflict was marked by massive DDoS attacks on Ukrainian government institutions, with wiper malware launched on hundreds of computers. In response, Ukraine called on civilian hackers worldwide to join a volunteer “IT Army” to help the country fight Russia alongside traditional military forces. As the conflict escalated into violence and NATO countries imposed severe economic sanctions on Russia, data leaks by hacktivists, website defacements, and cyberattacks became some of the most visible—and possibly most influential—arenas of digital warfare.
The Double-Edged Sword of Hacktivism
Experts warn that the combination of hacktivism and active combat creates a troubling picture. Hacktivism can lead to unintended escalation or jeopardize intelligence operations. Moreover, during active warfare, it can be even less effective and more distracting than in peacetime.
“There is an armed conflict between two states, involving powerful weaponry, civilian casualties, and physical destruction,” said Lukasz Olejnik, an independent cybersecurity researcher and former advisor to the International Committee of the Red Cross on cyberwarfare. “Let’s be honest—what can hacktivism really change in this scenario? Most reports about hacktivism are, at best, unverifiable. Of course, hacktivist actions are widely covered on social media and in traditional media. But what is their real effect?”
High-Profile Hacktivist Actions
Nevertheless, hacktivist actions have been highly visible. At the start of the military operation, the hacker group Anonymous declared it was “officially in cyberwar against the Russian government.” The group claimed responsibility for attacks that temporarily took down several Russian government websites, including those of the news agency RT, energy giant Gazprom, the Kremlin, and other government institutions. Hacktivists also altered data in the maritime tracking system, renaming a yacht allegedly belonging to Putin to “FCKPTN” with “HELL” as its destination. Shortly after, two groups—Anonymous Liberland and Pwn-Bär Hack—leaked about 200 gigabytes of emails from Belarusian arms manufacturer Tetraedr.
On Monday, February 28, Anonymous carried out a mass hack of news websites, posting anti-war slogans. Major Russian media outlets, including Kommersant, TASS, and RIA Novosti, were among those affected.
Cyber Sabotage and Escalation
Hacktivist activity in cyberspace preceded actual sabotage. The hacker group Belarusian Cyber Partisans launched a cyberattack on Belarus’s railway system at the end of January. After the conflict began, they struck again, aiming to slow troop movements along Ukraine’s border. This week, the group announced their goal was to disrupt Russian military logistics.
“We continue to help Ukrainians in their fight against Russian troops,” the group tweeted on Sunday. “Belarusian Railways is under attack. Manual control mode is enabled, which will slow train movement but NOT cause accidents. Our actions do not threaten ordinary citizens!”
Juliana Shemetovets, a spokesperson for the Cyber Partisans, reported that the group had grown in recent weeks. “Since the war began, five new members—all Belarusians—have joined. Even more are on the waiting list.”
Pro-Russian Hackers and Counterattacks
Meanwhile, ransomware groups Conti and CoomingProject announced their support for Russia. Soon after, Conti’s internal communications were leaked, allegedly by partners, revealing details about the group’s organization and operations. As a result, on March 2, Conti was forced to shut down its infrastructure. This shows that hacktivist actions can have tangible consequences, regardless of their direct impact on the war.
The next day, security researchers from Trustwave SpiderLabs reported that the pro-Russian group JokerDNR was publishing blog posts aimed at discrediting Ukrainian officials, including alleged names, addresses, and other contact information of Ukrainian government employees and military personnel.
Pro-Russian hackers have also been active. On March 3, the Russian hacker group RaHDit claimed to have hacked 755 Ukrainian government websites, mostly local authorities.
Defensive Measures and Data Leaks
Several cybersecurity companies and organizations have released free digital protection tools or expanded their free offerings to help Ukrainians defend their networks. For example, Google reports that its DDoS protection service, Project Shield, which focuses on human rights protection, is now used by over 150 Ukrainian websites.
It’s worth noting that not only hacktivists are leaking data. On March 1, the Ukrainian newspaper Pravda published a list of personal data allegedly identifying about 120,000 Russian soldiers stationed in Ukraine. The Ukrainian IT Army has also adopted some hacktivist tactics, aiming to use them in a more organized and strategic way.
“DDoS is fine, but it’s a blunt tool,” says an IT Army member using the pseudonym “November.” “Our main task is to counter disinformation about the conflict by any means possible and to provide high-quality open-source intelligence to help save Ukrainian lives.”
The Risks of Hacktivism in Wartime
In situations like the war in Ukraine, hacktivism can do more harm than good. Some researchers warn that the worst-case scenario would be an incident or series of attacks that unintentionally escalate the conflict or are used as a pretext for escalation by either side.
Additionally, by exposing vulnerabilities in sensitive networks and digital platforms, hacktivists may inadvertently reveal friendly intelligence operations already underway.
“Hacktivism is always loud by nature, while intelligence is usually quiet,” says Jake Williams, an incident response specialist and former NSA hacker. “Hacktivists with the noblest intentions, loudly announcing their actions, can unintentionally expose an intelligence operation that could have continued undetected in a vulnerable network. Spies may be inadvertently revealed because of a noisy hacktivist attack.”
Williams adds that when access to critical information is lost during combat, spies are forced to try to regain access by any means necessary. To do so quickly, intelligence agents may take significant risks, expose themselves, or use hacking tools that could later be discovered.
“When boots are on the ground and bullets are flying, it’s hard to see hacktivism as a positive force,” Williams said.