Ukraine war: What’s the impact of cyber guerrillas?

Ukrainian "hackivist" groups, notably the IT Army, conduct cyberattacks against pro-Russian targets, impacting over 400 entities in 2023

On a website, the Ukrainian government gives instructions on how to attack pro-Russian targets in cyberspace. (photo: DW)
On a website, the Ukrainian government gives instructions on how to attack pro-Russian targets in cyberspace. (photo: DW)


Hackers shut down internet connections in Russian-occupied parts of eastern Ukraine in late October 2023. In some areas, it took Russian telecom providers days to restore connectivity.

Soon after, the IT Army of Ukraine took credit for the cyberattack. The hacker group is the most prominent example of several volunteer "hackivist" groups that have mobilised to support Ukraine in cyberspace.

The covert nature of their operations, many of which are illegal, makes it impossible to fully assess the scope of such groups. But cybersecurity researchers agree that their activities have impacted the war since Russia began its full-scale invasion in February 2022.

"The aim is to discredit the Russian state, to show that it can't protect the services of Russian businesses," said Stefan Soesanto, the head of the cyberdefense project at the Center for Security Studies at ETH Zürich, a Swiss university. "In that sense, they have a real impact, in particular on the psyche of people in Russia."

He added that throughout the war, the activities of groups like the IT Army have become more sophisticated, shifting their focus to fewer but more targeted operations.

Ukraine's Ministry of Digital Transformation, which coordinates the efforts of the IT Army through a website and a Telegram group, confirmed that "in 2023, the IT Army shifted its strategy to target fewer entities but maximize impact, focusing on major players in the finance and infrastructure sectors and indirectly affecting military components."

This year, with around 130 attacks that have been made public, the group has disrupted the operations of more than 400 pro-Russian targets, a spokesperson told DW in an email.

"There is also a similar number of operations that IT Army hasn't disclosed for various reasons," she wrote.

Causing confusion and economic damage

On February 26, 2022, two days after Russian tanks began rolling into Ukraine, Ukraine's Minister of Digital Transformation, Mykhailo Fedorov, called on volunteers around the world to launch cyberattacks on pro-Russian targets.

It was considered the first time a country under attack had openly issued such a call – and it was answered by thousands of cyber guerrillas worldwide.

The early days of the IT Army were characterized by fairly crude and uncoordinated operations. Since then, the group has evolved into an organized entity with close ties to the Ukrainian government, according to researcher Soesanto.

Its attacks have both inflicted significant economic damage on Russian businesses and sown chaos among the Russian public, Soesanto told DW.

In May 2022, for example, an attack claimed by the IT Army shut down Russia's Chestny Znak supply chain monitoring system which tracks and traces products in the Russian market to guarantee the authenticity and quality of the goods sold in Russia.

In February 2023, the group claimed responsibility for bringing down Russian state media websites during a parliamentary address by President Vladimir Putin.

A range of hacker groups

With such operations, the IT Army has emerged as the most influential pro-Ukrainian actor in the ongoing cyber-guerrilla war.

But it's not the only one: Other hacking groups, some of them interconnected, have also launched cyberattacks against pro-Russian targets.

In October, a group called the Ukrainian Cyber Alliance said it had shut down a website run by a ransomware group with links to Russia. That same month, two other pro-Ukrainian collectives claimed to have broken into the systems of Russia's largest private bank, Alfa-Bank, and obtained internal documents.

Recently, another Ukrainian volunteer hacker group told US radio station NPR that it had organised an online contest focused on gathering open-source information about Russian officials that it would share with partners in Ukraine's government.

Legal uncharted territory

Such links between hackers and the Ukrainian government have drawn criticism for blurring the lines between state and non-state actors in cyber warfare.

Without specifically mentioning Ukraine, the International Committee of the Red Cross (ICRC) has called the increasing involvement of civilian hackers in military conflicts a "worrying trend," warning that it could undermine the distinction between combatants and civilians during war.

The organization also warned that the unprecedented phenomenon could lead to a spiral of escalation. "The more civilians take part in military operations, … the greater the risk of civilians and civilian infrastructure being targeted," Veronique Christory, the ICRC's senior arms adviser, said in mid-December.

To resolve legal ambiguity over its IT Army, Ukraine is reportedly preparing legislation to integrate members into the reserve section of the armed forces. The spokesperson for Ukraine's Ministry of Digital Transformation declined to comment on the progress of these initiatives.

At the same time, Stas Yurasov, CEO of the Ukrainian technology publication, warned that the efforts of pro-Ukrainian online guerrillas, however well intentioned, would not be enough to protect the country from Russia's efforts to weaken Ukraine through cyberattacks.

"Volunteers are just that, volunteers," Yurasov told DW. "Imagine our army fighting the ground war with only volunteers."

A recent large-scale attack on Ukraine's largest mobile operator, Kyivstar, which damaged IT infrastructure and disrupted services across the country, showed that Ukraine had done too little to strengthen its official cyber capabilities and protect the country's critical digital infrastructure, he said.

A new chapter in digital warfare

Nearly two years into Russia's full-scale invasion, many details cyber volunteers' activities remain unclear.

What is becoming increasingly clear, however, is that "we have entered an era where hacking is becoming a core part of military conflicts," said cybercrime and IT law expert Vasileios Karagiannopoulos from the UK's University of Portsmouth.

He is convinced that the phenomenon of hackers taking sides in military conflicts is here to stay.

In the coming years, "the engagement of those non-military actors is going to become much more prominent," Karagiannopoulos told DW.

Follow us on: Facebook, Twitter, Google News, Instagram 

Join our official telegram channel (@nationalherald) and stay updated with the latest headlines