Menu
Browse

Cyber Incident Victim: Belarus

Date:

Feb 2022

Location:

Belarus

Summary

Activist hackers known as the Cyber Partisans compromised control systems of the Belarusian railway network, encrypting critical data on routing and switching devices to render them inoperable. This disruption halted train operations in multiple cities including Minsk, Orsha, and Osipovichi, aiming to impede the movement of Russian military forces into Ukraine.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 2 techniques
Threat Actor Type Location
1 actor Available to members Available to members

Description

On February 27, 2022, the activist hacker group Cyber Partisans claimed responsibility for a cyberattack targeting Belarusian railway infrastructure. The group breached computer systems controlling train operations, specifically compromising routing and switching devices critical to network functionality. By encrypting data stored on these devices, the hackers rendered them inoperable, disrupting rail traffic in multiple locations. The attack caused trains to halt in the capital city of Minsk, the northeastern city of Orsha, and the town of Osipovichi in central Belarus. This operational disruption directly impacted the physical movement of trains across affected segments of the national rail network.

Cyber Incident Image

The Cyber Partisans publicly stated their objective was to impede Russian military forces from utilizing Belarusian railways for troop or equipment movements into Ukraine amid the ongoing invasion. The group framed the attack as resistance against Belarus’s logistical support for Russian military operations. No technical details regarding the initial breach vector, duration of encryption, or specific malware used were disclosed in available reporting. The incident demonstrated direct interference with industrial control systems governing transportation infrastructure, linking cyber operations to tangible physical disruptions. Railway authorities did not release immediate statements confirming service restoration timelines or operational recovery measures following the attack.

Sources
Sources available to members
1 source