Belarusian hackers taunt Kaspersky over report detailing their attacks
A Belarusian hacktivist group known as the Cyber Partisans is no stranger to scrutiny from cybersecurity researchers. So when Kaspersky, a Moscow-based cybersecurity firm, published a detailed report last week dissecting the group’s alleged tools and tactics, the hackers were unfazed.
“We are not surprised that Kaspersky is aware of some of our attack techniques,” the group said in a statement to Recorded Future News.
What did catch them off guard was the level of attention the firm devoted to their operations. “A detailed article plus two conference presentations,” the hackers added.
The group suggested that Kaspersky’s attention to its operations may have been driven by the fact that many of the hackers’ targets had relied on the firm’s products — which had reportedly failed to prevent the intrusions.
“Such attacks make Kaspersky’s technologies appear outdated, and perhaps this is why they are trying to justify themselves or counter us with these publications,” the hackers said.
Recorded Future News could not verify this claim. Kaspersky did not respond to a request for comment at the time of publication.
But the report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.
The Cyber Partisans emerged in the wake of the mass protests in Belarus in August 2020 against the presidential election that kept dictator Alexander Lukashenko in power, a vote the U.S. and other countries deemed rigged.
Since then, the group has grown in size and sophistication, conducting large-scale operations — including an attack on the state-run Belarusian railway, which reportedly disrupted the supply of Russian weapons, and the breach of classified servers at Belarus’ Ministry of Internal Affairs, gaining access to internal communications.
In the report, Kaspersky described a previously unknown backdoor called Vasilek and a data-wiping malware called Pryanik, allegedly used by the Cyber Partisans in recent cyberattacks targeting industrial and government organizations in Russia and Belarus.
According to researchers, Vasilek can collect system information, including keystroke logs, application screenshots and details about the targeted organization’s network infrastructure. Instead of relying on traditional command-and-control servers, it transmits stolen data and receives commands via Telegram messenger groups. Routing command-and-control through a legitimate, widely used messaging service lets the traffic blend in with ordinary Telegram use and means defenders cannot simply block the operator's infrastructure without also blocking the service.
The wiper, dubbed Pryanik, is designed to delete critical data on infected systems. According to Kaspersky, it functions as a "logic bomb," activating at predetermined times to maximize disruption. If not removed from the system, the wiper can trigger again about a month later.
The report noted that the Cyber Partisans frequently deployed their malware overnight or early in the morning, when fewer IT staff are on duty. Kaspersky said Pryanik was likely used during an attack on Belarus’ state-run fertilizer manufacturer last April.
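The Telegram-based command channel and the overnight deployment window described above are the two observable behaviours a defender can hunt for in proxy or egress logs. The script below is an added example, not code from the article or from Kaspersky's report: it runs a simple detection over a few constructed proxy log lines, flagging hosts where a process that is not a known Telegram or browser client talks to Telegram, and enriching each hit with beacon regularity, the largest upload (screenshots and keylogs are bulky) and whether all activity fell outside business hours. The hostnames `api.telegram.org` and `web.telegram.org`, the process allowlist and the log format are assumptions for illustration; the article only says the backdoor uses Telegram groups and does not name endpoints.

```python
from collections import defaultdict
from datetime import datetime, time
from statistics import pstdev

# Constructed sample proxy log (not from the article or any real incident).
# Fields: ISO timestamp, source host, originating process, destination host, bytes sent.
SAMPLE_LOG = """\
2025-03-11T02:14:05 WS-017 svchost.exe api.telegram.org 512
2025-03-11T02:15:05 WS-017 svchost.exe api.telegram.org 498
2025-03-11T02:16:05 WS-017 svchost.exe api.telegram.org 40120
2025-03-11T02:17:05 WS-017 svchost.exe api.telegram.org 503
2025-03-11T09:30:12 WS-003 Telegram.exe api.telegram.org 2048
2025-03-11T10:02:44 WS-003 chrome.exe web.telegram.org 1500
2025-03-11T11:45:00 WS-021 outlook.exe outlook.office365.com 7700
"""

# Assumed Telegram endpoints; adjust to what your own proxy actually logs.
TELEGRAM_HOSTS = {"api.telegram.org", "web.telegram.org"}
# Assumed allowlist of processes that legitimately reach Telegram in this environment.
EXPECTED_CLIENTS = {"Telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# Assumed local business hours; activity outside this window is treated as off-hours.
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def parse_log(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, sent = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "proc": proc,
            "dest": dest,
            "sent": int(sent),
        })
    return events


def is_off_hours(ts):
    start, end = BUSINESS_HOURS
    return not (start <= ts.time() < end)


def find_telegram_c2(events, max_jitter_s=30):
    """Group Telegram traffic from unexpected processes and score each group.

    A group is marked as a regular beacon when the gaps between its
    connections vary by at most max_jitter_s seconds (population stddev).
    """
    by_key = defaultdict(list)
    for e in events:
        if e["dest"] in TELEGRAM_HOSTS and e["proc"] not in EXPECTED_CLIENTS:
            by_key[(e["host"], e["proc"], e["dest"])].append(e)

    findings = []
    for (host, proc, dest), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        regular = len(gaps) >= 2 and pstdev(gaps) <= max_jitter_s
        findings.append({
            "host": host,
            "process": proc,
            "dest": dest,
            "hits": len(evs),
            "regular_beacon": regular,
            "max_bytes_sent": max(e["sent"] for e in evs),
            "off_hours": all(is_off_hours(e["ts"]) for e in evs),
        })
    return findings


if __name__ == "__main__":
    for f in find_telegram_c2(parse_log(SAMPLE_LOG)):
        print(f)
```

Legitimate Telegram use from the allowlisted desktop client and browser is ignored, while the `svchost.exe` connections from WS-017 are reported as a minute-interval beacon, made entirely off-hours, with one 40 KB upload that stands out against the sub-kilobyte check-ins. In a real deployment the allowlist should be derived from an inventory of which hosts are permitted to use Telegram at all, and the finding should be correlated with process-creation telemetry, since the process name in a proxy log is only as trustworthy as the agent that reported it.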
At that time, the group said its attack disrupted the enterprise's energy generation facility. They also allegedly hacked into the plant's security systems and surveillance cameras, encrypted hundreds of computers and internal emails and wiped out backups of databases and servers.
In response to Kaspersky’s findings, the Cyber Partisans acknowledged using wipers in certain attacks but disputed the company’s claim that victims' data could not be restored when the group’s political demands were met.
The hackers said that in some operations they used ransomware, which would have allowed for data restoration, and that in wiper-based attacks they had exfiltrated critical data in advance to allow for potential recovery.
The Cyber Partisans acknowledged that it is inevitable for some of their techniques and tools to be discovered in “noisy” operations of the kind the group had previously disclosed publicly. Now, they say, most of their operations are classified.
The group said that the Kaspersky report will not affect its current or future operations.
“We thank the Kaspersky team for the attention and for helping publicize our cause. We hope that similar groups will soon emerge in their own country to deal blows to the Kremlin regime until it collapses. Long live Belarus!” the hackers added.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.