Pierluigi Paganini April 29, 2024

A Belarusian group of activist group claims to have infiltrated the network of the country’s main KGB agency.

The Belarusian hacktivist group Cyber-Partisans claims to have infiltrated the network of the country’s main KGB security agency. The hackers had access to personnel files of over 8,600 employees.

On Friday, the website of the Belarusian KGB showed an empty page that displayed the message “in the process of development”.

The Cyber-Partisans group published on its Telegram channel a series of documents as proof of the hack, including the list of the website’s administrators, the underlying database, and server logs.

“Cyberpartisans and the mystery of the broken KGB website

The official website of the KGB of the Republic of Belarus has not been working for more than 2 months. And all because the Cyber Partisans got there in the fall of 2023 and pumped out all the available information.

Alas, we made a little noise and had to close the site. 🤫 We are posting a list of admins as proof. See the site database and server logs in a separate post below.” reads the message published by the group on Telegram.

The Cyber-Partisans coordinator Yuliana Shametavets told The Associated Press that the attack on the KGB “was a response” to the agency’s chief Ivan Tertel, who accused the group of preparing attacks on the Belarus’ critical infrastructure, including a nuclear power plant. The group remarked that the target of its attacks are not Belarusians but the county government.

“KGB PROVOKATION: Cyber partisans are planning attacks on a nuclear power plant.” below the message published by the group on Telegram

“We don’t plan to. And we never planned. Because we work to save the lives of Belarusians, not to destroy them. Unlike the Lukashenko regime. But we have already said that in general an attack on the BelNPP is technically possible. While there is a dictator in power, under whom they would rather switch to pieces of paper than provide normal protection against cyber attacks.”

“The KGB is carrying out the largest political repressions in the history of the country and must answer for it,” Shametavets said. “We work to save the lives of Belarusians, and not to destroy them, like the repressive Belarusian special services do.”

Shametavets confirmed that the Cyber-Partisans group exfiltrated the personal files of more than 8,600 KGB employees.

Cyber-Partisans also launched Telegram chatbot that would allow citizens to unmask KGB operatives by uploading their photos.

“We publish interesting entries from the database of citizens’ appeals to the KGB of the Republic of Belarus.” reads another message posted on Telegram. “We even identified some informers for you.

🔺 Denunciations from citizens of Poland, Germany, Azerbaijan against Belarusians.
🔺 Denunciation of citizens of Lithuania and Ukraine against their compatriots for supporting the Armed Forces of Ukraine.
🔺 Complaints about Cyber Partisans, the Black Card of the Occupiers, etc.”

The Belarus Cyber-Partisans is a hacktivist group that has been active since 2020. Formed in the wake of the disputed 2020 election and subsequent crackdown on protests, the Cyber-Partisans target Belarusian government institutions.

The Cyber-Partisans group has conducted numerous attacks on Belarusian state media over the past four years. In 2022, they targeted Belarusian Railways multiple times, seizing control of its traffic lights and control system. This action disrupted the transit of Russian military equipment into Ukraine via Belarus.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Belarus)