A Belarusian hacktivist group known as the Cyber Partisans has responded to a detailed report published by cybersecurity firm Kaspersky. The report, which outlined the group’s tactics, tools, and recent operations, did not seem to surprise the hackers.
“We are not surprised that Kaspersky is aware of some of our attack techniques,” the group told Recorded Future News in a statement.
However, the group was taken aback by the extensive coverage given to their operations. “A detailed article plus two conference presentations,” they remarked, highlighting the attention the cybersecurity firm had devoted to their activities.
The hackers speculated that Kaspersky’s focus on their group could be a response to the failure of Kaspersky’s security products to stop their attacks. “Such attacks make Kaspersky’s technologies appear outdated, and perhaps this is why they are trying to justify themselves or counter us with these publications,” the group suggested.
Recorded Future News could not independently verify this claim, and Kaspersky did not provide comment by the time of publication.
The Kaspersky report sheds light on the Cyber Partisans’ hacking methods and their politically motivated agenda. The group, which emerged following protests against Belarusian dictator Alexander Lukashenko in 2020, has since carried out several high-profile attacks. These include targeting Belarus’ state-run railway, disrupting Russian weapons supplies, and breaching classified servers at Belarus’ Ministry of Internal Affairs.
In its report, Kaspersky highlighted two key tools used by the hackers: a backdoor known as Vasilek and a data-wiping malware called Pryanik. Vasilek allows hackers to collect system data, such as keystroke logs and application screenshots. It communicates with the hackers through Telegram messenger groups instead of relying on traditional command-and-control servers.
Pryanik, the data-wiping malware, is designed to erase critical data on infected systems. Kaspersky described it as a “logic bomb,” activating at specific times to cause maximum damage. If left unchecked, it can trigger again after about a month.
The Cyber Partisans’ attacks typically occur during off-hours, when fewer IT staff are available to respond. Kaspersky cited an attack on Belarus’ state-run fertilizer manufacturer last April, in which Pryanik was reportedly used. During that attack, the hackers disrupted the plant’s energy systems, hacked its security cameras, encrypted computers, and erased data backups.
In response, the Cyber Partisans acknowledged using wipers in certain attacks. However, they disputed Kaspersky’s claim that data could not be recovered if the hackers’ political demands were met. The group stated that in some operations, they had used ransomware, which would allow for data recovery. In other instances, they had exfiltrated critical data before wiping it, allowing for potential restoration.
While the Cyber Partisans admitted that some of their operations are high-profile and thus more likely to be detected, they insisted that most of their current activities are classified.
Despite the attention from Kaspersky, the group made it clear that the report would not affect their ongoing operations. “We thank the Kaspersky team for the attention and for helping publicize our cause. We hope that similar groups will soon emerge in their own country to deal blows to the Kremlin regime until it collapses. Long live Belarus!” the hackers concluded.