Cyber Partisans consists of a group of Belarusian IT workers who live abroad.[1] In an August 2021 interview with Bloomberg, the hackers shared some details about themselves: the group has 15 members, none of whom are professional hackers; only 3 or 4 of them perform the hacks, while the others analyze the obtained data; and some group members were penetration testers before joining the group.[2][3] Members are anonymous even to each other.[4] The group describes its activities as ethical hacking, as it acts only against the state and does not harm ordinary citizens.[2][3][5] In late January 2022, the group reportedly consisted of some 30 people.[5] Its spokesperson, Yuliana Shemetovets, is based in New York.[6][7]
An anonymous spokesperson for the group said in an interview with MIT Technology Review: "What we want is to stop the violence and repression from the terroristic regime in Belarus and to bring the country back to democratic principles and rule of law."[3] In 2021 and 2022, the group affirmed that it was not collaborating with any foreign government, but "we are not against it, as long as it aligns with our depicted goals, to change the regime."[6]
Cyber Partisans work together with the BYPOL group, which consists of former Belarusian police officers working against Lukashenko's government. Their knowledge of database structure helps to plan and execute the Partisans' moves.[8][2]
In July 2021, Cyber Partisans breached the Ministry of Internal Affairs' most sensitive databases. The group obtained a large volume of material, including an archive of almost 2 million minutes of secretly recorded phone conversation audio; lists of alleged police informants; personal information about top government officials; and video footage gathered from police drones and detention centers. The group also obtained the databases for passports, all registered motor vehicles, recordings from the cameras in the Okrestina prison's isolation cells, and mortality statistics. The group shared these data with journalists, who calculated the excess mortality during the COVID-19 pandemic in Belarus. They concluded that from March 2020 to March 2021, this figure was 32,000 people, 14.4 times more than the authorities reported.[10][8] The group published passport data of Lukashenko and his sons to prove that they had really hacked that database. The authenticity of the data was also demonstrated by data on journalists from Current Time TV, which the Partisans provided to Current Time at the outlet's request to prove the veracity of the leak.[10]
During the 2022 Russian invasion of Ukraine, Cyber Partisans was one of three main Belarusian dissident groups that worked to stymie the Belarusian involvement in the Russian invasion, specifically by targeting railroad supply lines. (The other groups were Belarusian railway workers and defectors from the government's security forces).[1] Cyber Partisans launched the first attack on the railway's systems in late January 2022, in the days immediately before the invasion, slowing the movement of Russian troops before they had crossed the border.[1] The group said that it had penetrated the Belarusian Railway's network system the previous month, in December 2021.[6] A spokesperson for Cyber Partisans said that the railway company's system was vulnerable and ran on an outdated Windows XP operating system.[1] The group used a modified form of ransomware to paralyze the railway system, saying that it would return the computer network to normal if the Belarusian government released 50 political prisoners in need of medical treatment and stopped Russian forces from entering Belarus.[1][5] The Partisans breached and encrypted internal databases of the railway.[4] The group targeted freight rail to disrupt Russian military movements and cargo bound for China; the group said that it deliberately avoided affecting passenger rail.[6]
The group also obtained access to a database of all border crossing records. To prove it, one of the group members provided a Guardian journalist "a full list of his travel records to Belarus going back to 2016".[4] Cyber Partisans provided the border entry and exit data to the investigative journalism group Bellingcat.[6]
In February 2023, the group revealed that they had broken into Roscomnadzor, the Russian internet censorship agency. The attack disrupted the internal network of the organization. The group obtained between 1.2 and 2 terabytes of data, including 1.5 million emails and 200 thousand internal documents. Cyber Partisans gave the data to journalists, including Mediazona and Süddeutsche Zeitung.[11][12]
In July 2023, the group claimed that they had attacked the Belarusian State University (BSU), obtained 3 terabytes of data, and encrypted and wiped the university's servers. BSU officials denied that an attack had taken place, though their website was down for several days. The reason for the attack was explained in a tweet:[13]
We started working on this attack 2 months ago after BSU posted a video with a student who was humiliated & forced to apologize. Since 2020 many students were detained and staff let go for political positions
According to Yuliana Shametavets (Russian: Юлиана Шеметовец) on 26 April 2024, Cyber Partisans stated on their website that they had penetrated the Belarus KGB computer network in fall 2023, accessing the files of 8,600 Belarus KGB employees, and that, beginning in February 2024, they had suppressed the Belarus KGB computer network for at least two months. The group said that this "was a response" to the Belarus KGB chief Ivan Tertel because "The KGB is carrying out the largest political repressions in the history of the country and must answer for it" and added that "We work to save the lives of Belarusians, and not to destroy them, like the repressive Belarusian special services do."[14][15][16][17][18][19]
Response from Belarusian authorities
In a speech on state TV in July 2021, head of the Belarusian KGB Ivan Tertel blamed "foreign special services" for cyberattacks on government targets.[2]
In 2021, the Belarusian government (through the Belarusian Supreme Court and Ministry of Internal Affairs) declared the information resources Cyber-Partizans, its subsidiary project Cyber-Leaks, and all their Telegram channels to be an "extremist" group and a terrorist organization.[20][21] Creating or participating in such a group is a crime in Belarus.[22]
Reactions and analysis
Anthropologist Gabriella Coleman, a professor at McGill University and an expert on hacktivism and Anonymous, commented to Bloomberg: "I don't think there are a lot of parallels to this, that they are so sophisticated and are attacking on multiple levels, it's not something I've seen before except in the movies."[2]
According to associate professor Tetyana Lokot of Dublin City University, who specializes in protest and digital rights issues in Eastern Europe, "If ever Lukashenko ends up facing prosecution in the International Criminal Court, for example, these records are going to be incredibly important."[2]
The group was praised by the Belarusian opposition, including Franak Viačorka, a senior adviser to exiled opposition leader Sviatlana Tsikhanouskaya.[5] Andrei Sannikov, a former Belarusian diplomat and a candidate in the 2010 presidential election in Belarus, said in an interview with MIT Technology Review that "They’re making the regime's crimes transparent. The information they're getting by hacking the state really is very eloquent in witnessing the criminal activities of the regime against the citizens."[3]
The group was the subject of an episode of the BBC Radio 4 series Digital Human that aired in March 2022.[23]