Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime

Belarusian politically motivated hackers have claimed to attack the country’s largest state-run manufacturer of fertilizers, Grodno Azot, for its alleged involvement in political repression, sanctions evasion, and human rights violations.

The hacker group, known as the Belarusian Cyber-Partisans, said that their attack disrupted the enterprise's energy generation facility. They also allegedly hacked into the plant's security systems and surveillance cameras, encrypted hundreds of computers and internal emails, and wiped out backups of databases and servers.

In exchange for the decrypted data, the hackers are demanding that the government release political prisoners detained for opposing the regime of Belarus’ dictator, Alexander Lukashenko.

“We worked carefully and used only a small part of our capabilities. If you refuse, the stakes will be even higher next time,” the hackers said in a statement on Telegram, published last week.

The Belarusian Cyber-Partisans are known for carrying out cyberattacks against Russian and Belarusian companies as well as state agencies. The group is part of the broader opposition movement in Belarus, using digital tools to topple Lukashenko’s regime.

The credibility and actual impact of the hackers' attacks are difficult to verify since their victims rarely publicly comment on the operations. In the past, prominent investigative journalists from outlets like Bellingcat and Belsat have verified the authenticity of data provided by the group.

Since last Wednesday, when the Belarusian Cyber-Partisans first claimed to attack Grodno Azot, the company’s website has been unavailable.

The enterprise’s Telegram channel wrote in a statement last week that the company detected an external attempt to destabilize its operations “by violating the integrity of the file system on individual resources.”

“The situation has not affected, and will not affect, the production activities of the enterprise,” the statement said.

Radio Free Europe reported that an employee of the plant told them anonymously that “there was a big commotion at the plant” on the day of the hack.

“People have discussed it. Everyone knows what happened and who did it. But I don't know how much the attack affected the work,” they added.

Official representatives of the enterprise declined to comment and hung up when journalists from Radio Free Europe called for a comment.

As evidence of the attack, the hackers published alleged screenshots from security cameras, examples of leaked documents, and a video that purportedly shows the disruption of the plant’s heating facility.

In a detailed analysis of the attack published last week on the Belarusian Cyber-Partisans' official website, the hackers revealed that they had been inside Grodno Azot's networks for several months.

"We studied the production processes of the enterprise for a long time to ensure that our intervention would not harm ordinary employees and residents of the city of Grodno," the hackers said.

The group claimed to have found a way “to completely stop the operation of the plant,” but refrained from doing so for ethical reasons. “They were fortunate that it was us who hacked the company, and not some cybercriminals who could have caused a disaster,” the hackers added.

In a previous interview with Recorded Future News, the spokesperson of the Belarusian Cyber-Partisans, Yuliana Shemetovets, said that the country's state networks are poorly secured because digital resistance has never been a priority for Lukashenko. Besides, many local tech specialists have joined the opposition movement and were forced to flee the country.

While commenting on the Grodno Azot hack, one of the group’s members said that the government protects the enterprise's network as if it were a “cowshed, not an explosive facility.”