Getty Images
Hackers in Belarus said on Monday they had infected the network of the country’s state-run railway system with ransomware, and would only do so if Belarusian President Alexander Lukashenko stopped aid to Russian troops ahead of a possible invasion of Ukraine Provide the decryption key.
Reference to Belarusian Railways, a group calling itself a cyber guerrilla write on the telegram:
BelZhD, under the command of the terrorist Lukashenko, allows the occupying forces to enter our land these days. As part of the “Peklo” network campaign, we encrypted most of BelZhD’s servers, databases and workstations to slow down and disrupt road operations. The backup has been destroyed.
Dozens of databases were attacked, including AS-Sledd, AS-USOGDP, SAP, AC-Pred, pass.rw.by, uprava, IRC, and more.
Automation and security systems are intentionally immune to cyber attacks to avoid emergencies.
The group also Announce Attack on Twitter.
We have encryption keys and we are ready to restore the system of Belarusian Railways to normal mode. Our conditions:
Release the 50 political prisoners most in need of medical assistance.
– Belarusian Cyber Guerrilla (@cpartisans) January 24, 2022
A representative of the group said in a direct message that the Peklo cyber campaign targeted specific entities and government-run companies in order to pressure the Belarusian government to release political prisoners and prevent Russian troops from entering Belarus and using its territory to carry out attacks. Ukraine.
“The government continues to suppress the free will of Belarusians, imprison innocents, and they continue to illegally detain … thousands of political prisoners,” the representative wrote. “The main goal is to overthrow the Lukashenko regime, maintain sovereignty and build a democratic state with the rule of law, independent institutions and protection of human rights.”
The group released the following images, which appear to show hackers inside the private network of Belarusian railways:
About 36 hours after posting those photos, the group posted more:
At the time this article went live, several services on the railroad’s website were unavailable. For example, buying tickets online does not work, instead returning the following message:
Attention passengers!
Due to technical reasons, the reference network resources of Belarusian Railways and the service of issuing electronic travel documents are temporarily unavailable. To arrange travel and return electronic travel documents, please contact the ticket office. Currently, efforts are being made to restore the performance of the system. Belarusian Railways apologises for any inconvenience caused.
In addition to disrupted ticketing and schedules, the cyberattack also affected freight trains, the representative said.
according to arrive Report, Russia has been transporting military equipment and personnel by rail to Belarus, which borders Ukraine. @belzhd_live, a group of Belarusian railway workers who track activity on 5,512 km of railways, said friday Over the course of a week, more than 33 Russian military trains full of equipment and troops arrived in Belarus for joint strategic exercises. Workers’ groups said at the time that a total of 200 so-called echelons were expected to arrive in the coming days.
The Belarusian Defense Ministry reported on Monday that Russian troops continued to arrive in the country ahead of a major training exercise next month, The Washington Post said. A video also surfaced on social media on Monday, showing Russian military convoys and trains equipped with military equipment traveling through southern Russia and Belarus.
tools of the weak
Juan Andrés Guerrero-Saade, chief threat researcher at security firm SentinelOne, said he could not confirm the ransomware attack, but provided images that appeared to confirm that someone gained privileged access to the Belarusian railway network.
“On the face of it, this is an interesting twist in the ransomware narrative,” he said in an interview. “Most of the time, we think of ransomware as a financial problem for businesses, not a tool of the weak, tantamount to a revolutionary struggle.”
The representative of the cyber guerrilla said that it is not difficult to access the network of Belarusian railways.
“This network has many entry points, and the isolation from the Internet is not good,” the representative said. “Cyber guerrillas entered from one point and then opened many other entry points from within.”
Changed “Department” to “Echelon” after correction. Updated January 25, 2022 to add more photos.
