Over two years have passed since Russia's full-scale invasion of Ukraine, and the volunteer IT Army of Ukraine is more effective than ever. On June 20, 2024, the hacker group launched what they claimed to be the "largest DDoS attack in history" against Russia's banking system, crippling numerous banks and causing widespread disruption.
Vasily Nebenzya, the Permanent Representative of Russia to the United Nations, then claimed that the IT Army of Ukraine is actively spreading disinformation against Russia. He emphasized, "Through these IT resources, streams of disinformation and lies about Russia and the special military operation are being broadcast."
The group has emerged as a critical player in a new kind of hybrid warfare that spans both the physical battlefield and cyberspace. However, creative marketing is needed to enlist more ordinary citizens worldwide to continue scaling its impact.
Dmitry Gribkov, an aide to the Russian Security Council, threatened Western officials in March, stating that by supporting the IT Army, they are opening Pandora's box, which would backfire against its “masters.” Gribkov, referring to Ukraine’s IT Army, went on to say that "Hacking experts are being trained in Ukraine and the Baltic states to carry out computer attacks on Russia’s information infrastructure.”
He further highlighted that Ukrainian officials are not shy about their involvement in “mass cyberattacks on Russian information infrastructure facilities.” Ukraine’s volunteer hacker army isn’t just some obscure cyber group in the background; they are actively on the minds of the Kremlin elite.
The IT Army has undergone significant evolution since Russia's full-scale invasion of Ukraine began in 2022. Formed in response to a digital call to arms by Ukrainian Digital Transformation Minister Mykhailo Fedorov, the IT Army has democratized Distributed Denial of Service (DDoS) attacks against its adversary.
At its peak in 2022, the group had several hundred thousand members. However, according to the IT Army’s spokesperson, who goes by the nickname “Ted,” many subscribers to Ukrainian channels unsubscribed as the war progressed, leaving dedicated volunteers to continue the efforts.
DDoS attacks, the IT Army’s primary tactic, involve coordinating numerous computers to bombard a specific network or website with excessive requests, overwhelming and ultimately crippling the target. In the first two years of the full-scale war, the IT Army focused on inflicting economic damage on Russia, viewing their cyberattacks as a new form of sanctions. Although exact figures are difficult to determine, Ukraine’s hacker army estimates that their actions have caused over $1 billion in economic damage.
The IT Army’s campaign has significantly disrupted Russian Internet providers, with reports of 40% resource disruption at one point.
The Russian state-controlled media outlet Kommersant wrote that “The number of DDoS attacks on Russian companies doubled year on year in the first quarter. Mostly companies from critical industries...Roskomnadzor speaks of repelling almost three times more attacks in the first quarter alone than in the entire 2023.”
The St. Petersburg International Economic Forum, hosted by Russia in June 2024, experienced a significant surge in DDoS attacks. Russian media reported that the number of DDoS attacks on the forum's online portals more than doubled compared to 2023, aiming to disrupt its digital resources. The IT Army’s Telegram channel commented on the attacks, noting that “There wasn't a big explosion, but we sure rattled their nerves.”
Russian state-controlled media outlet Gazeta.Ru reported in April 2024 that almost half of the companies in the top 100 by revenue in Russia do not have “professional protection” against Layer 7 DDoS attacks. Russian media also reported in May 2024 that the number of DDoS attacks on the Russian energy industry has increased tenfold over the past year.
In response to Russia attacking Ukraine and opening a new front in Kharkiv in May, the Ukrainian IT Army announced on their Telegram channel, “We are currently working on important targets related to events at our border in the Kharkiv region. We are trying to disrupt the enemy's communications. We need more power! Activate everything!”
The IT Army pointed out that their attacks on electricity transportation also connect to the battlefield, because electricity supply is both a vital resource for Russia’s military and a vulnerability. However, the effectiveness of DDoS attacks is proportional to an attack’s scale. The more devices powering an attack, the more effective the impact. Speaking about how to address performance capacity, Ted noted, “We need to increase the number of volunteers that we have dedicating hardware capacity to the IT Army.”
Recruiting on traditional social media is a dead end for the IT Army. Ted pointed out that social networks like X (formerly known as Twitter) and Facebook simply ban anyone who advertises cyberattacks. For now, the IT Army continues to engage with marketing firms to improve its reach.
Amid a full-scale cyber war between Russia and Ukraine, the IT Army is working on scaling a decentralized hacker army through non-technical means. The solution is to convince the average person with internet access that they can conduct cyberattacks against the enemy from anywhere, and by doing so, they can join Ukraine’s cyber defense. Despite remaining largely unnoticed by Western media, the IT Army of Ukraine is pioneering the first large-scale, decentralized cyber warfare campaign against their adversaries.
Editor’s Note: The opinions expressed in the op-ed section are those of the authors and do not purport to reflect the views of the Kyiv Independent.