Ukraine’s volunteer IT Army is making gains on the cyber front

In the early days of Russia’s full-scale invasion, Ukraine put out an open call for hackers to join a digital front against the Kremlin. Since then, the ‘IT Army of Ukraine’ has matured into a large-scale, agile cyber force.
In an interview with the author, an IT Army spokesperson going by the callsign ‘Ted’ said the group’s targeting strategy has evolved as the war has progressed. In February 2022, the focus was on disrupting Russia’s digital sphere – government sites, propaganda outlets, and pro-war businesses. As capabilities grew, the effort became more targeted. ‘Today we concentrate on targets that directly sustain Russia’s war machine: logistics hubs, transport booking systems, energy sector companies, key financial intermediaries, and information channels used to justify aggression,’ said Ted.
Despite this evolution, ‘the guiding principle has remained the same,’ he said. ‘Maximise economic and psychological cost for the aggressor, while avoiding unintended harm to civilian safety critical infrastructure.’
Perceptions versus reality
In December 2022, Oleg Syromolotov, then Russia’s Deputy Minister of Foreign Affairs, claimed that the United States was planning to spend billions of dollars on cyberattacks, adding: ‘In the so-called “Ukrainian IT army,” we are dealing not with homegrown hackers but with the full cyber power of the North Atlantic alliance.’
This March, Russian foreign ministry spokeswoman Maria Zakharova accused Ukraine’s government of managing a massive hacker force, responsible for over 200,000 attacks on Russian infrastructure.
Dmitry Gribkov, an aide to the Russian Security Council, described the IT Army as a Western-backed, Baltic-trained hacking network.
‘The group’s goal is to disrupt the operation of Russia’s socially important government and private information resources and steal sensitive data,’ said Gribkov. ‘Ukrainian officials are not shy about flaunting their involvement in mass cyberattacks on Russian information infrastructure facilities.’
The IT Army’s origin was, however, far more ad hoc than the Kremlin claims. ‘The spark was almost accidental,’ said Ted. ‘Friends at the Ministry of Digital Transformation pinged me on 26 February 2022: “We’re putting together some sort of IT Army. Interested?”’ His first reaction was pragmatic. ‘How on earth is this supposed to work? No one had a blueprint; the idea was rolling off the drawing board in real time. Still, swapping a rifle for a keyboard felt like the best use of my skills, so I jumped in.’
Asymmetric warfare
According to Russian cybersecurity firm F6, the IT Army of Ukraine was the most active group targeting Russian digital infrastructure in 2024, with distributed denial of service (DDoS) attacks surging by at least 50%. ‘DDoS attacks are a very simple way to interfere with Russian operations,’ said Ted. ‘The IT Army has developed a unique expertise in conducting DDoS attacks, and Russia is very vulnerable to these attacks.’
The IT Army has turned this simple concept into a tool of asymmetric warfare. One attack the group claimed responsibility for disrupted the internet for 200,000 residents of Moscow and St. Petersburg and wiped $350 million off the stock value of internet service provider Lovit.
In mid-May, the IT Army targeted SprintHost, a hosting provider, taking dozens of businesses offline. The IT Army framed it as a form of rear pressure: ‘Services freeze, companies lose money, the army loses support. No Russian digital asset should feel secure.’ As Ukraine ramped up drone strikes on Russian oil refineries throughout 2024, the IT Army launched cyberattacks to disable CCTV and disrupt internet, blinding surveillance in targeted areas.
The IT Army has a decentralised and volunteer-driven structure. ‘Ukraine’s scene is bottom up and motivated by defense of homeland,’ said Ted. ‘It cooperates with government but retains civilian character.’
In contrast, ‘Russian hacktivism is more top down,’ he explained. ‘Many groups operate as proxies for state security services, and criminal profit often sits alongside patriotic rhetoric.’
One of the IT Army’s successes has been its democratisation of DDoS attacks. By offering simple guides and toolkits, Ukraine has opened the door for volunteers across the planet to take part in real-time digital sabotage. The result is quietly significant. ‘The operational punch behind each campaign is stronger today than in 2022, even as headline interest softens,’ said Ted.
According to Ted, this is due to the work of a small in-house engineering team. A new toolkit recently released by the IT Army allows users to schedule DDoS attacks to run at programmed times, such as when they are sleeping and do not need their internet resources. To maintain operational security, some functions remain hidden. ‘Security reviews and obfuscation are handled separately to avoid providing the adversary with a blueprint.’
One factor behind the IT Army’s success is Russia’s lack of preparation. In April 2024, Gazeta.Ru reported that nearly half of Russia’s top 100 companies by revenue lacked professional defences against application layer DDoS attacks. ‘If a Russian company wants to be protected against DDoS attacks, they must buy expensive software such as Cloudflare,’ Ted explained. ‘If the company has a lot of infrastructure, it can cost them hundreds of thousands of dollars to protect.’ Ted pointed out that Russia’s attempts to harden its digital infrastructure with sprawling and expensive countermeasures reflect growing anxiety about the threat posed by volunteer cyber campaigns.
The Kremlin’s response has extended beyond infrastructure. ‘The FSB [Russia’s Federal Security Service] opened criminal cases against unnamed Ukrainian hackers and state media regularly blames outages on our operations,’ said Ted. He added that the pressure appears to be shaping digital policy. ‘Legislatively, Moscow has accelerated its “sovereign internet” programme – tightening inspection of TLS [transport layer security] traffic and trialing domestic DNS [domain name system] roots – largely in response to the sustained pressure from Ukrainian and allied hacktivists.’
A model for future conflict
In the near future, ‘We expect a leaner, more skill dense formation at home – fewer mass participation raids, more precision work that fuses open-source investigation, custom offensive tooling, and rapid hand-offs to Ukraine’s cyber command,’ said Ted. But the long-term vision is more strategic. ‘The larger ambition is outward-looking: turn the IT Army into an exportable template for every NATO partner,’ he explained. ‘Picture a light professional core – software engineers, reconnaissance planners, ops coordinators – in each country and a broad volunteer mesh that donates spare hardware to generate tackling power.’
The model, he said, could be rapidly deployed in future conflicts. ‘If a new war broke out tomorrow, allies could flip the switch on day one, instantly fielding a nation-scale DDoS shield or strike capability, already drilled and interoperable.’