Invasion of Ukraine: Hackers attack computers of Belarusian railway

A Russian military transport travels by rail towards the Ukrainian border. Photo: InformNapalm Community
The railway is also part of the transport logistics of the Russian Armed Forces for military operations against Ukraine. Subject to confirmation of the reports, pro-democracy hackers attacked central computers of the Belarusian state railway BelŽD (БелЖД) in order to delay the transport of Russian military equipment to the Belarusian-Ukrainian border.

The online service InformNapalm Community reported on January 24, 2022 that a group called Cyber Partisans had claimed responsibility for the attack on the Russian news service Telegram. The post reads: “As part of the ‘Peklo’ (translated: Hell, editor's note) cyber campaign, we encrypted the bulk of the servers, databases and workstations of the BelŽD in order to slow down and disrupt the operation of the railroad. The backups were destroyed. Dozens of databases have been subjected to cyberattacks, including AS-Sledd, AS-USOGDP, SAP, AC-Pred, pass.rw.by, uprava, IRC, etc. Automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations.”

On January 24, 2022, the “Cyber Partisans” post how they delete a backup… Screenshot: Cyber Partisans

Backups have been deleted…

Reports state that the attack also affected freight trains. The group wrote on Twitter on the same day: “Cyber-Partisans@cpartisans: We have encryption keys, and we are ready to return Belarusian Railroad’s systems to normal mode. Our conditions: – Release of the 50 political prisoners who are most in need of medical assistance. – Preventing the presence of Russian troops on the territory of #Belarus.” The main goal: to overthrow the regime of the Belarusian ruler Lukashenko, “to preserve sovereignty and build a democratic state with the rule of law, independent institutions and the protection of human rights.”

… on the same day the website of the Belarusian State Railway reports technical problems … Screenshot: arstechnica.com

In fact, the screenshots published by the “hacktivists” appear to confirm that they had access to official computers of the Belarusian Railway when the pictures were taken. One screenshot shows a storage volume holding a backup about 28 percent of the way through a format operation, meaning the data is being wiped. Screenshots of BelŽD’s official website carry the notice that “due to technical reasons” reference web resources of the State Railway “and services for issuing electronic travel documents are temporarily unavailable”.

… and the “analogue” ticket offices have more work to do

… and on February 25, 2022, the website of the state railway apologizes for the loss of data until January 24. Screenshot: rail & mobility

A screenshot taken by our editorial team today shows the following entry on the same website: “Due to technical reasons, the return of electronic travel documents processed on the web resources of the Belarusian railway by January 24, 2022 is not accessible. For the return of travel documents, we ask that you contact the ticket office. We apologize for the inconvenience caused.” Apparently, the BelŽD was in fact unable to recover any data about events before January 24. And the data encrypted by the hackers remains unavailable because the Belarusian leadership is not responding to the hackers’ political demands.

The “cyber partisans” are associated with a movement of political dissidents operating under the name “Solidarity”, which calls for a democratic government in Belarus. After several attacks on various government computers, the group was labelled “terrorists” by the official state leadership in November 2021. Towards the Belarusian state railway, however, the group behaved as a “gentlemen’s hacker” and did not interfere with the railway’s operational technology, so the permanent damage should be small.

Perhaps the Belarusian State Railway has given itself a “digital jolt” in the meantime? Among the documents released by the hackers is an official order from the Ministry of Transport that the heads of the design-technical center and the information protection center of the state railway should “ensure the indispensable connection and operability of data transmission channels through the unified republic network of data transmission” between the state railway and the General Staff of the Army. Although this order number 201NZ dates from March 11, 2021, and is based on order number 155NZ from February 13, 2015, apparently not much happened in this regard.

“Gentlemen’s Hacker” as David vs. Goliath

Juan Andrés Guerrero-Saade, a senior threat researcher at security firm SentinelOne, points out: “This is an interesting twist in the ransomware narrative. Until now, we have viewed ransomware as a financial problem for companies, rather than a tool for the underdog in a revolutionary struggle.”

Until now, cybercriminals have used hacking attacks with data encryption to extort payments, while hacker groups attributed to state intelligence services have attacked official servers in other countries with the aim of data theft or sabotage. Hacking attacks that use extortion to press democratic demands, however, are a novelty. At the same time, Western security authorities point out that Russia’s military activities in Ukraine also raise the risk of Russian cyber attacks on Western infrastructure. This could also affect companies in the transport industry, which is why they should take particular care in handling their own data.

Hermann Schmidtendorf, Editor-in-Chief
