Websites for the Russian Foreign Ministry as well as the country’s largest stock exchange and a key state-owned bank were offline Monday, as loosely organized groups of volunteer hackers pledged to retaliate against the Kremlin for its invasion of Ukraine.
An “IT army” created by the Ukrainian government urged more than 200,000 followers on its Telegram channel Monday to attempt to take down the website of the Moscow Exchange. Thirty-one minutes later, the channel’s administrators shared a screenshot suggesting the exchange’s website had been knocked offline.
“Mission accomplished!” they wrote in English.
The suspected takedowns are part of a volley of mostly low-level cyberattacks in recent days that have temporarily downed Russian websites or defaced them with antiwar messaging. Ukrainian volunteers and self-proclaimed hacker activist groups, or hacktivists, claim to be behind the activity, while some criminal ransomware operators have pledged loyalty to the Kremlin, suggesting the digital front of the deadly conflict is entering an unpredictable new phase.
Ukrainian Minister of Digital Transformation Mykhailo Fedorov on Saturday called for volunteer hackers to follow a Telegram channel dedicated to listing potential targets, saying on Twitter, “There will be tasks for everyone. We continue to fight on the cyber front.”
In addition to targeting the Moscow Exchange, the so-called IT Army of Ukraine on Monday urged its Telegram followers to attack the site for state-owned Sberbank. The IT Army administrators’ stated goal was to inflict more financial pain as “people in Russia are withdrawing money from ATMs en masse.”
Both websites remained offline Monday afternoon. Representatives for Sberbank and the Moscow Exchange, which halted trading Monday after the U.S. and other governments imposed sanctions on Russian financial institutions, didn’t respond to requests for comment.
The disruption of the Russian Ministry of Foreign Affairs site came amid days of intermittent outages on other government portals. The global hacker collective known as Anonymous also claimed to have stolen and leaked information from the Russian Defense Ministry, which the Kremlin denied through state-backed media agency Tass.
On Monday, Russian media outlets including Tass were defaced with a message that criticized Russian President Vladimir Putin and carried Anonymous branding. Mr. Fedorov, the Ukrainian digital minister, subsequently shared an emoji of the Ukrainian flag in a Twitter post tagging the main account affiliated with the hacker collective.
Attributing such attacks to particular hackers is difficult, even for Ukrainian government officials helping to organize some of the efforts, said Alex Bornyakov, Ukraine’s deputy minister of digital transformation. “We don’t know exactly who is doing what,” Mr. Bornyakov said in an interview.
Western officials for weeks warned of cyberattacks linked to a Russian invasion that could disrupt key Ukrainian infrastructure and potentially jump to computer systems around the world. Such digital operations have had limited impact so far, cybersecurity experts say, with hackers installing destructive malware in several Ukrainian organizations and disrupting web services for some government agencies and state-owned banks.
The entry of more non-state actors has added a hard-to-quantify variable to a conflict awash with disinformation campaigns and opaque cyber operations.
“A word of caution: Hacktivists are not always what they seem,” said Craig Terron, senior manager of global issues for cyber firm Recorded Future’s Insikt Group threat research unit.
In Ukraine, the volunteer IT force enlisted by the government isn’t acting alone. Yegor Aushev, co-founder of Ukrainian company Cyber Unit Technologies, has in recent days been using Facebook and LinkedIn to solicit volunteer hackers from Ukraine, Belarus and other countries for dozens of cyber projects.
“We are united. We are focused,” he said. “We sleep two or three hours per day and then we are always online. We don’t have shock anymore.”
Mr. Aushev said immediate goals include defacing Russian sites with antiwar messaging or graphic imagery of dead soldiers, as well as flooding them with traffic in distributed denial-of-service attacks. Working outside of Kyiv, Mr. Aushev said the teams communicate through secure means, such as the encrypted messaging app Signal, as they also plan out longer-term attempts to disrupt Russian infrastructure.
“We all understand that we have to win,” said Mr. Aushev, adding that he’s coordinating with the Ukrainian military and digital ministry. “Otherwise, we will die. We will not be under Russia.”
Within Moscow’s sphere of influence, one prominent hacking group has similarly threatened to join the fight. The Conti ransomware gang Friday pledged “full support” to the Kremlin on its website and warned that it would launch cyberattacks against critical infrastructure of countries that organize “any war activities against Russia.”
Cybersecurity experts say the message shows how ransomware gangs that operate largely out of Russian-speaking countries can serve as an extension of Moscow’s foreign policy.
The fear is that non-state actors’ entrance into the fight on either side could add confusion that leads to escalation between Russia and other countries, said Kellen Dwyer, a partner at law firm Alston & Bird LLP and a former deputy assistant attorney general in the U.S. Justice Department’s national-security division.
“There’s the possibility for misfires, misattribution and miscalculations that really concerns me,” he said.
—James Rundle, Nicolle Liu, Suman Bhattacharyya and Evan Gershkovich contributed to this article.
Write to David Uberti at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8