Russian railway site allegedly taken down by Ukrainian hackers

The Russian state-owned railway company RZD said Wednesday that its website and mobile app were down for several hours due to a “massive” cyberattack, forcing passengers to only buy tickets at railway stations.

The Ukrainian hacktivist group IT Army claimed responsibility for the attack on its Telegram channel. “The terrorist state is heading non-stop to the station called Chaos,” the hackers said. The group’s claims could not be immediately verified.

RZD’s system was down for at least six hours, but the company said later on Wednesday that it had restored its operation despite ongoing attacks. Some of the company's online services are still unavailable due to the increased load, RZD said.

“Our goal is not to permanently take down the website. It requires significant effort to prepare an attack on such a target,” said IT Army. “Even if the website is down only for an hour, it would still have a significant impact on the economy of the aggressor country.”

It is the second attack on RZD since the start of the war in Ukraine. Last February, the Russian railway's website and mobile app were also down due to intense distributed denial-of-service (DDoS) attacks. Such attacks work by flooding a targeted site with junk traffic, making them unreachable.

At the time of the incident, the company increased the number of ticket offices at railway stations so that all passengers could buy tickets.

Cyberattacks targeting railways can greatly disrupt a country's logistics. Last year, a cyberattack on the Belarusian state railway crippled its network, allegedly hindering the transfer of Russian troops into Belarus for military exercises.

The Belarusian hacktivist collective Cyber Partisans, which claimed responsibility for the attack, said that some trains stopped running after hackers compromised the railway system’s routing and switching devices and rendered them inoperable by encrypting data stored on them.