Cyberattack Targets Belarus’ Rail Network To Slow Flood Of Russian Forces Into The Country

The cyberattack was claimed by a non-state actor and underlines just how complex the cyber battlefield is becoming.

byBrett Tingley|
Eastern Europe photo


Portions of the computer networks that support Belarus' national railway infrastructure are reportedly still reeling from the effects of a cyberattack. An independent hacking group claimed responsibility for the incident, which they said was in part intended to hamper the movement of Russian forces into the country. The Kremlin has deployed thousands of troops to Belarus, along with a wide array of materiel, including tanks, short-range ballistic missiles, and combat aircraft, in recent weeks, much of it by rail. Although these forces are officially set to take part in large-scale exercises next month, there continue to be fears that this might actually be part of Russian preparations to launch a new invasion of Ukraine.

Russian military vehicle drives on a railway platform before transferring to attend a joint military drills in Belarus, in Russia, Monday, Jan. 24, 2022., AP

The cyberattack was conducted by a group calling itself the Belarusian Cyber-Partisans in an effort to disrupt the ongoing flow of Russian military equipment into the country. In a message posted to Telegram on January 24, the hacktivist group wrote that the Belarusian Railway, or BelZhD, had allowed “occupying troops to enter our land” at the order of the “terrorist Lukashenko,” or Belarusian President Alexander Lukashenko.

On January 24, the group posted a set of demands on Twitter that they insist must be met before they “return Belarusian Railroad's systems to normal mode.” Those demands include releasing 50 political prisoners held by the Belarusian government who are most in need of medical attention and “preventing the presence of Russian troops on the territory of Belarus.”

The group claims to have “encrypted the bulk of the servers, databases, and workstations of the BelZhD in order to slow down and disrupt the operation of the road” and destroyed backups. The cyberattack affected a wide swath of Belarusian Railway’s operations including ticketing and scheduling services and freight deliveries, but avoided systems related to security or emergency operations. 

In a direct message to Ars Technica sent the same day, a representative for the Belarusian Cyber-Partisans said the cyberattack was not difficult to execute because Belarusian Railway’s network wasn’t hardened against intrusion. "This network has many entry points and is not well isolated from the Internet,” the representative said. “Cyber partisans entered from one of these points and then opened many other entry points from within.”

The cyberattack is occurring as hundreds of trains filled with Russian military equipment and personnel have been arriving in Belarus as part of snap military drills that are underway and set to run through February. Reuters reports that a large amount of Russian hardware, including 12 Su-35 fighters, two divisions of S-400 surface-to-air missile systems, and a division of Pantsir-S air defense systems has arrived in Belarus from far to the east. Rail has been key to the movement of all of these assets, with the exception of the fighter jets.

 A Russian Su-35S fighter jets taxies after landing on an airfield in Belarus to attend military drills. , AP

In addition to the hardware, a Polish military analyst quoted by Reuters estimates that anywhere from seven to ten Russian battalion tactical groups composed of between 700 to 900 troops each have accompanied the equipment on trains to Belarus for the drills. A separate estimate published on social media reportedly by a group of Belarusian rail workers says that figure is much higher. 

The drills in Belarus, known as “Allied Resolve,” are taking place along the country’s southern border with Ukraine, as well as its western borders with Poland and Lithuania. Both of those latter countries are NATO members. Belarus and Russia have said the drills are defensive in nature and will task forces with practicing how to repel an external attack. However, the presence of Russian forces in Belarus at such a tense time could force Ukrainian military planners to have to divert resources away from Ukraine’s north, east, and south where Russia’s strike capability continues to grow.

While disrupting Belarusian Railway’s ability to bring Russian military support into the country is one stated goal of the recent cyberattack, the Belarusian Cyber-Partisans also stressed that their overall aim is also a political one. Belarus saw wide protests and a subsequent crackdown after President Alexander Lukashenko won a contentious 2020 election with heavy backing from Moscow. Since then, the Belarusian government has conducted what Human Rights Watch calls an “unprecedented crackdown” that has seen journalists, political opposition figures, presidential candidates, and activists jailed or even tortured. The Belarusian government even conducted what has been called a “state-sponsored hijacking” of a commercial flight in order to detain a Belarusian journalist aboard, an act that led to indictments against four officials.

Belarusian President Alexander Lukashenko arrives to attend the Belarus Zapad exercises conducted with Russia in late 2021., AP

“The government continues to suppress the free will of Belarusians, imprison innocent people, they continue to unlawfully keep... thousands of political prisoners,” the Belarusian Cyber-Partisans’ representative said. “The major goal is to overthrow Lukashenko’s regime, keep the sovereignty and build a democratic state with the rule of law, independent institutions and protection of human rights.”

Though the Belarusian Cyber-Partisans' attack was localized and targeted an unhardened network, it did target critical infrastructure. The incident has already prompted questions about whether Russia and its allies, like Belarus, might be at risk further attacks from ostensibly independent actors in addition to state security forces, especially if the Kremlin decides to launch a new major military intervention into Ukraine. When it comes to cyber-warfare, discussions about potential threats should this crisis turn hot generally focus on those emanating from Russia, rather than the other way around.

“I can confirm there’s technical concern by both the Russians and Belarusians about this incident,” an anonymous intelligence official based in Brussels told Vice for a story published today. “It sent a message [that] their security infrastructure both physical and cyber….can’t be properly secured.”

“There’s plenty of activists, like we see in Belarus, with ability and motivation to go after Putin and Lukashenko’s regimes and Ukraine has serious capacity of their own,” an anonymous NATO intelligence officer also told Vice for the same piece. “It’s better to keep an eye on them but let them operate on their own. How much does someone need to hack a railway database in Belarus? [In] Ukraine there will be some coordination but if the country comes under invasion, we’d expect them to be very aggressive in attacking Russian systems, and the Russians attacking back.”

There is further concern that all this could spill outward, with similar cyber capabilities impacting peripheral players, such as the United States and its allies. America's critical infrastructure is far from assured when it comes to vulnerabilities to cyberattacks of varying degrees of complexity. The White House has put out a number of directives for agencies to do everything they can to harden their networks as the crisis in Ukraine grows and has outright warned of potential crippling cyberattacks against the U.S. if a full-on conflict breaks out. Other allied governments are now following suit.

If anything else, the cyber campaign against Belarus's rail system is a major reminder of just how complex the cyber battlefield is and how unprepared many systems are to repel even lower-end attacks.

Contact the author: