IT Army of Ukraine

The IT Army of Ukraine (Ukrainian: IT-армія України) is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on 24 February 2022.^[1][3] The group also conducts offensive cyberwarfare operations, and Victor Zhora, the Chief of the Head of State Special Communications Service of Ukraine, stated its enlisted hackers would only attack military targets.^[4]

IT Army of Ukraine
IT-армія України
Active	26 February 2022 – present[1]
Country	Ukraine
Branch	Cyberwarfare
Size	~1000 Ukrainian and foreign volunteers as of 3 March 2022[update][2]
Website	itarmy.com.ua

Formation

On 26 February 2022, the Minister of Digital Transformation and First Vice Prime Minister of Ukraine, Mykhailo Fedorov, announced the creation of the IT Army, which has been coordinating its efforts primarily via Telegram and Twitter.^[5][6]

According to Reuters, the Ukrainian government asked for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops. Yegor Aushev, the co-founder of a Ukrainian cybersecurity firm Hacken,^[7] wrote, "Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country," asking hackers and cybersecurity experts to submit an application listing their specialties, such as malware development and professional references.^[8][9]

Furthermore, the Ukrainian government broadcast a global call for the participation hackers, hacktivists, and regular computer users alike, the first time a nation-state has done so, thus further shaping cyberwarfare doctrine.^[10][11]

Aims

Denial of Service attack

The volunteers who joined the group are divided into offensive and defensive cyber units. While the offensive volunteer unit would assist Ukraine's military in conducting digital espionage operations against invading Russian forces, the defensive unit would be employed to defend infrastructure such as power plants and water systems.^[1]

The Ukrainian government used Twitter and Telegram to share a list of Russian and Belarusian targets for the army to attack.^[12] As time went on, the dissemination of target information became more structured,^[13] with attacks primarily consisting of denial-of-service attacks using a variety of open-source tools.^[14] Russian ransomware operators responded by offering their assistance to counter the Ukrainian effort.^[15]

Activities

• Fedorov requested the assistance of cyber specialists and tweeted a Telegram with a list of 31 websites of Russian business and state organizations.^[16][17][5]
• On 28 February 2022, the IT Army hacked the website of the Moscow Stock Exchange. The IT Army posted that it had taken them only five minutes to render the website inaccessible.^[18][19][20]
• On the same day, the IT Army hacked the website of Sberbank, Russia's largest bank. The IT Army had also launched attacks on other Russian and Belarusian sites, including the government websites of Russia and Belarus, the FSB, and the Belarusian state news agency BelTA, among others.^[17][21]
• According to Reuters, the group targets Russian power grids and railways to prevent Russian infrastructure from reaching Ukraine.^[2] This included technologies such as GLONASS.^[2]
• Eight hundred Russian websites, including Roscosmos, were attacked by the IT Army from 27 June to 10 July. They posted congratulatory messages to Ukrainian Constitution Day on those websites. Additionally, distributed denial-of-service attacks carried out by the IT army have crippled the Russian ability to work on some CRM systems for extended periods.^[22]
• Ukraine's Ministry of Digital Transformation reported that cyberattacks on over 6000 Russian web resources occurred between 26 February and 30 July.^[23]
• In September 2022, the group had reportedly collaborated with Anonymous to commit a cyberattack against Yandex Taxi's systems, resulting in a traffic jam in Moscow.^[24]
• The group claimed to have successfully hacked the website of the notorious Russian paramilitary group, the Wagner Group, and stolen the personal data of its members. On the defaced website, photos of dead soldiers were shown afterward.^[25]
• On 7 October 2022, the IT Army hacked the website of the Collective Security Treaty Organization (CSTO), through which they congratulated the Russian president on his birthday.^[26]
• In October 2023, they stated they would abide by the International Committee of the Red Cross rules of engagement for civilian hackers, even if it put them at a disadvantage.^[27]

See also

• Russo-Ukrainian cyberwarfare
• Starlink satellite services in Ukraine, the use of SpaceX's large satellite constellation for warfare and communications in Ukraine
• Information technology