Cyber Incident Victim: Ministry of Internal Affairs of Belarus
Date: Jun 2022
Location: Belarus
Summary
A Belarusian hacktivist group released intercepted audio recordings allegedly obtained from the Ministry of Internal Affairs, claiming the data included wiretapped communications from foreign embassies and consulates within Belarus. The group selectively disclosed portions of the material while withholding personal conversations, asserting possession of extensive intercepted communications involving thousands of organizations and individuals. This action aligns with their broader objective of undermining the current regime through exposure of alleged surveillance and corruption. The same group previously compromised the ministry's internal surveillance systems and disrupted Belarusian railway operations to impede Russian military logistics, demonstrating a pattern of cyber operations targeting government infrastructure to challenge political leadership and support regional resistance efforts.
Description
On June 13, 2022, the Belarusian hacktivist group Cyber Partisans publicly released wiretapped audio recordings purportedly obtained from the internal surveillance systems of the Belarusian Ministry of Internal Affairs. The group announced the leak via its Telegram channel, accompanied by a four-and-a-half-minute YouTube video containing edited audio clips it claimed originated from intercepted communications at the Russian embassy and consulate in Belarus between 2020 and 2021. Cyber Partisans stated they withheld full conversations and anonymized certain participant details to protect private individuals unaffiliated with the Belarusian government. The released material represented a small fraction of approximately 1.5 terabytes of intercepted voice calls—equivalent to roughly 50,000 hours—in the group’s possession. According to their Telegram statements, the archive included metadata identifying over 22,000 organizations and 49,000 individuals monitored by Belarusian authorities. The group framed the leak as part of a broader campaign to expose surveillance activities conducted under President Alexander Lukashenko’s regime, explicitly mocking Lukashenko’s characterization of Belarus-Russia relations as "brotherly" in the video description. Neither the Russian foreign ministry nor the Belarusian embassy in the U.S. responded to media requests for comment following the disclosure.

This incident followed a pattern of Cyber Partisans operations targeting Belarusian government infrastructure. The group—composed of approximately two dozen former IT specialists with alleged insider knowledge of state systems—had previously breached the Ministry of Internal Affairs in July 2021, accessing its internal surveillance video networks. Their June 2022 release leveraged data from that prior intrusion, emphasizing ongoing efforts to disrupt and expose the Lukashenko government. The leak occurred amid Belarus’s deepening collaboration with Russia during the latter’s invasion of Ukraine, including allowing Belarusian territory to serve as a staging ground for Russian military operations. Cyber Partisans had previously sabotaged Belarusian railway systems in late February 2022 to impede Russian military logistics, demonstrating alignment with Ukrainian resistance efforts. The wiretap disclosure aimed to undermine state authority by revealing pervasive surveillance of diplomatic entities, though the group avoided releasing material implicating non-governmental individuals. No containment measures or technical responses from affected governments were documented in available reporting following the data publication.
