Ukraine's IT Army is Waging a Crowdsourced Cyber War Against Russia

Since Russia's full-scale invasion of Ukraine in 2022, cyberattacks have become a routine part of the conflict. Helping lead Ukraine's efforts is the IT Army of Ukraine, a decentralized hacking force that has launched relentless cyber offensives against Russia's digital infrastructure.

In June 2024, the group claimed responsibility for the largest Distributed Denial of Service (DDoS) attack in history, crippling Russian banks and disrupting financial networks. But as the war drags on, the IT Army faces a new challenge: how to scale its operations without relying on traditional recruitment methods.

Formed in response to Russia's invasion on the initiative of Ukraine's Minister of Digital Transformation, Mykhailo Fedorov, the IT Army quickly amassed hundreds of thousands of volunteers. Its attacks rely on a simple tactic: DDoS. A DDoS attack works by flooding a target (such as a website, server, or network) with an overwhelming amount of traffic, rendering it slow, unresponsive, or completely offline.

On their Telegram channel, the IT Army advertises that the "IT ARMY Kit is a simple and effective tool for cyber resistance against Russian aggression." To execute a DDoS attack at scale, hackers typically form a botnet—a network of computers and devices that work together to bombard the target with requests. In the case of the IT Army, volunteers contribute their own computing power, effectively turning thousands of individual machines into a coordinated digital weapon.

The more devices involved, the more difficult it becomes for the target to withstand the attack. Nick Kesler, a security expert who has built DDoS-resistant services for years, explained: "The key to sustaining a dedicated DDoS campaign is mimicking real expected traffic as closely as possible and sourcing it from expected customer geographies or IP ranges." He adds, "A successful attack must be as varied in nature as possible, with planned shifts over time as defenses are put in place. The goal is to keep defenders on their heels, forcing them to constantly pivot to combat the newest wave."

Kesler also emphasizes the importance of timing: "Coordinating attacks with service or country-specific events can make the effects more impactful and significantly harder to recover from." The IT Army estimates that its cyberattacks have inflicted well over a billion dollars in economic damage on Russia. Following a recent cyberattack, the IT Army took to Telegram to declare: "Our actions are starting to look more and more like a Hollywood hacker movie, just without the popcorn."

The IT Army also managed to take down Moscow's largest internet provider for ten days. Celebrating the success, they remarked: "Is that a record already, or not yet?"

"While not garnering the same level of media attention as it did in its early days, the IT Army is still going strong," said Pascal Geenens, the Director for Threat Intelligence for Radware. "Their online DDoS leaderboard is continuously updated, and top contributors are running infrastructures of nearly 350 hosts that are continuously performing attacks leveraging the DDoS automation tools provided by the IT Army."

Yet maintaining this offensive requires constant reinforcement. Over time, new challenges have emerged. Scaling these operations will require creative solutions beyond technical expertise.

The IT Army's next challenge is not just about cyber warfare—it is about convincing ordinary people that they can participate in a decentralized, digital resistance from anywhere in the world.

"It is very easy for anyone to contribute. The IT Army enhanced existing DDoS tools and packaged them in a convenient way so they can be easily installed," said Geenens. "The whole process has been elaborately documented on their website. Individuals having issues during the installation can always find support through the IT Army Telegram channel."

Ted admitted, "Our communication isn't perfect, but our tools are incredibly user-friendly—plug-and-play, no advanced knowledge required."