Ukraine digital army brews cyberattacks, intel and infowar

Mar 4, 2022, 10:02 AM | Updated: 10:58 pm

BOSTON (AP) — Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence .

“We are really a swarm. A self-organizing swarm,” said Roman Zakharov, a 37-year-old IT executive at the center of Ukraine’s bootstrap digital army.

Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.

Zahkarov ran research at an automation startup before joining Ukraine’s digital self-defense corps. His group is StandForUkraine. Its ranks include software engineers, marketing managers, graphic designers and online ad buyers, he said.

The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.

“Both our nations are scared of a single man — (Russian President Vladimir) Putin,” said Zakharov. “He’s just out of his mind.” Volunteers reach out person-to-person to Russians with phone calls, emails and text messages, he said, and send videos and pictures of dead soldiers from the invading force from virtual call centers.

Some build websites, such as a “site where Russian mothers can look through (photos of) captured Russian guys to find their sons,” Zakharov said by phone from Kyiv, the Ukrainian capital.

The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.

It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.

A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.

But is it legal? Some analysts say it violates international cyber norms. Its Estonian developers say they acted “in coordination with the Ministry of Digital Transformation” of Ukraine.

A top Ukrainian cybersecurity official, Victor Zhora, insisted at his first online news conference of the war Friday that homegrown volunteers were attacking only what they deem military targets, in which he included the financial sector, Kremlin-controlled media and railways. He did not discuss specific targets.

Zakharov did. He said Russia’s banking sector was well fortified against attack but that some telecommunications networks and rail services were not. He said Ukrainian-organized cyberattacks had briefly interrupted rail ticket sales in western Russia around Rostov and Voronezh and knocked out telephone service for a time in the region of eastern Ukraine controlled by Russian-backed separatists since 2014. The claims could not be independently confirmed.

A group of Belarusian hacktivists calling themselves the Cyber Partisans also apparently disrupted rail service in neighboring Belarus this week seeking to frustrate transiting Russian troops. A spokeswoman said Friday that electronic ticket sales were still down after their malware attack froze up railway IT servers.

Over the weekend, Ukraine’s minister of digital transformation, Mykhailo Fedorov, announced the creation of an volunteer cyber army. The IT Army of Ukraine now counts 290,000 followers on Telegram.

Zhora, deputy chair of the state special communications service, said one job of Ukrainian volunteers is to obtain intelligence that can be used to attack Russian military systems.

Some cybersecurity experts have expressed concern that soliciting help from freelancers who violate cyber norms could have dangerous escalatory consequences. One shadowy group claimed to have hacked Russian satellites; Dmitry Rogozin, the director general of Russia’s space agency Roscosmos, called the claim false but was also quoted by the Interfax news agency as saying such a cyberattack would be considered an act of war.

Asked if he endorsed the kind of hostile hacking being done under the umbrella of the Anonymous hacktivist brand — which anyone can claim — Zhora said, “We do not welcome any illegal activity in cyberspace.”

“But the world order changed on the 24th of February,” he added, when Russia invaded.

The overall effort was spurred by the creation of a group called the Ukrainian Cyber Volunteers by a civilian cybersecurity executive, Yegor Aushev, in coordination with Ukraine’s Defense Ministry. Aushev said it numbers more than 1,000 volunteers.

On Friday, most of Ukraine’s telecommunications and internet were fully operational despite outages in areas captured by invading Russian forces, said Zhora. He reported about 10 hostile hijackings of local government websites in Ukraine to spread false propaganda saying Ukraine’s government had capitulated.

Zhora said presumed Russian hackers continued trying to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — to infect the devices of individual citizens. Three instances of such malware were discovered in the runup to the invasion.

U.S. Cyber Command has been assisting Ukraine since well before the invasion. Ukraine does not have a dedicated military cyber unit. It was standing one up when Russia attacked.

Zhora anticipates an escalation in Russia’s cyber aggression — many experts believe far worse is yet to come.

Meantime, donations from the global IT community continue to pour in. A few examples: NameCheap has donated internet domains while Amazon has been generous with cloud services, said Zakharov.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Lead water pipes pulled from underneath the street are seen in Newark, N.J., Oct. 21, 2021. (AP Pho...

Associated Press

Biden to require cities to replace harmful lead pipes within 10 years

The Biden administration has previously said it wants all of the nation's roughly 9 million lead pipes to be removed, and rapidly.

4 days ago

Facebook's Meta logo sign is seen at the company headquarters in Menlo Park, Calif., on, Oct. 28, 2...

Associated Press

Meta shuts down thousands of fake Facebook accounts that were primed to polarize voters ahead of 2024

Meta said it removed 4789 Facebook accounts in China that targeted the United States before next year’s election.

4 days ago

A demonstrator in Tel Aviv holds a sign calling for a cease-fire in the Hamas-Israel war on Nov. 21...

Associated Press

Hamas releases a third group of hostages as part of truce, and says it will seek to extend the deal

The fragile cease-fire between Israel and Hamas was back on track Sunday as the first American was released under a four-day truce.

9 days ago

Men look over the site of a deadly explosion at Al-Ahli Hospital in Gaza City, Wednesday, Oct. 18, ...

Associated Press

New AP analysis of last month’s deadly Gaza hospital explosion rules out widely cited video

The Associated Press is publishing an updated visual analysis of the deadly Oct. 17 explosion at Gaza's Al-Ahli Hospital.

12 days ago

Peggy Simpson holds a photograph of law enforcement carrying Lee Harvey Oswald's gun through a hall...

Associated Press

JFK assassination remembered 60 years later by surviving witnesses to history, including AP reporter

Peggy Simpson is among the last surviving witnesses who are sharing their stories as the nation marks the 60th anniversary.

12 days ago

Israeli Prime Minister Benjamin Netanyahu, chairs the weekly cabinet meeting in Jerusalem, Sunday, ...

Associated Press

Israeli Cabinet approves cease-fire with Hamas; deal includes release of 50 hostages

Israel’s Cabinet on Wednesday approved a cease-fire deal with the Hamas militant group that would bring a temporary halt to a devastating war.

13 days ago

Sponsored Articles


Dierdre Woodruff

Interest rates may have peaked. Should you buy a CD, high-yield savings account, or a fixed annuity?

Interest rates are the highest they’ve been in decades, and it looks like the Fed has paused hikes. This may be the best time to lock in rates for long-term, low-risk financial products like fixed annuities.



Key dates for Arizona sports fans to look forward to this fall

Fall brings new beginnings in different ways for Arizona’s professional sports teams like the Cardinals and Coyotes.



Importance of AC maintenance after Arizona’s excruciating heat wave

An air conditioning unit in Phoenix is vital to living a comfortable life inside, away from triple-digit heat.

Ukraine digital army brews cyberattacks, intel and infowar