A group of Belarusian cyber-activists is claiming to have successfully launched a ransomware attack on the country’s state-run train company in a bid to disrupt Russian troop movements.
The self-styled “Belarusian Cyber-Partisans” revealed the attack on Twitter.
“At the command of the terrorist Lukashenka, #Belarusian Railway allows the occupying troops to enter our land,” it claimed of their autocratic president.
“We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation and security systems were NOT affected to avoid emergency situation.”
The group claimed to have the decryption keys that they are ready to return the train network “to normal mode.” However, its preconditions – the return of 50 political prisoners in need of medical assistance and the prevention of Russian troops entering the country – are unlikely to be met.
After reportedly rigging election victory in 2020 and putting down widespread protests with violence, Lukashenko has sought closer ties with the Putin regime in a bid to shore up his power base and gain economic and diplomatic support from the Kremlin.
A passenger notice on the official Belarusian Railways website says only that services for issuing electronic travel documents are temporarily unavailable due to unspecified “technical reasons.”
It claims work is underway to restore the service and urges individuals to contact ticket offices to arrange travel.
Russian troops began exercises in Belarus near its border with Ukraine earlier this month, which observers fear is a prelude to invasion. Attacking from Russia and Belarus would stretch Ukrainian forces thinly across a land border stretching hundreds of miles between the countries.
Belarusian cyber operatives are also increasingly launching campaigns aligned with Russia’s interests. A report from Mandiant in November 2021 attributed the notorious Ghostwriter group, or parts of it, to the Belarusian government.