The media was ablaze in the early weeks of Russia’s full-scale invasion as Ukraine mobilized a digital army of volunteer hackers to fight back. While it no longer dominates the headlines, the IT Army of Ukraine has quietly evolved and its impact is only growing.
One need not rely on Western media to gauge its effectiveness. Russian officials have provided all the coverage needed. According to Foreign Ministry Spokeswoman Maria Zakharova, the volunteer hackers are run by the Ukrainian government, claiming “over 200,000 attacks were committed by the hacker community against Russian infrastructure facilities in 2023.” It remains unclear whether all of these attacks were carried out by the IT Army specifically, but the scale speaks for itself.
“Operations of that kind are disguised as actions by the IT Army of Ukraine, which is allegedly a volunteer formation but is, in fact, run by the Ukrainian Defense Ministry. It is known to include about 130 hacker groups employing anywhere from 100,000 to 400,000 people,” read the briefing from Russia’s foreign ministry. At one point, even Israeli firms were accused by Russia of working with the volunteer hacking group.
Russia’s Permanent Representative to the UN, Vasily Nebenzya, accused the IT Army of Ukraine of waging a coordinated disinformation campaign against Russia. Dmitry Gribkov, an aide to Russia’s Security Council secretary, also claimed that Ukraine’s IT Army is a Western-backed hacker network trained in Ukraine and the Baltics to disrupt Russian government and private systems, and steal sensitive data.
Belgorod: the Russian City Putin Ignored at His Peril
These constant Kremlin complaints reflect how the IT Army continues to get under the skin of Russian officials.
Their method of attack is straightforward: they combine computing power from volunteers around the world, channeling it into a botnet that floods targeted servers with requests, a tactic known as a DDoS attack, to take them down.
Nick Kesler, a security expert who has built DDoS-resistant services for years, explained in an interview that sustaining a successful DDoS campaign requires mimicking real traffic, sourcing it from expected regions, and constantly varying attack methods to stay ahead of defenses. He notes that shifting tactics over time keeps defenders scrambling, while timing attacks around key events maximizes disruption and extends recovery time.
The group’s Telegram recently called out having “70,000 servers from 171 countries,” noting their efforts are like a “cyber-nuclear” weapon. A leaderboard is hosted to let volunteers compete over who contributes most actively to these operations.
On its Telegram channel, the IT Army promotes the “IT ARMY Kit” as a simple yet effective tool for cyber resistance against Russian aggression. The tooling now allows volunteers to schedule attacks: “Set your own schedule and contribute to cyber operations when it’s most convenient,” read one Telegram post.
According to the IT Army, some of their attacks have supported Ukrainian drone strikes by disabling CCTV systems, blinding Russian surveillance and aiding coordinated operations with Ukrainian intelligence.
Russian cybersecurity firm F6 identified the IT Army of Ukraine as the most active hacking group targeting Russian digital infrastructure, noting that DDoS attacks surged by at least 50% in 2024. The firm predicts that as long as the war continues, Ukraine’s cyber offensives will only grow in scale and impact.
The IT Army claimed that a recent attack on the provider Lovit caused a $350 million drop in the company’s stock value and disrupted internet services for 200,000 residents and businesses across 84 residential complexes in Moscow and St. Petersburg.
Ukrainian officials are beginning to more publicly recognize the work of those fighting in the digital sphere. In March, Ukraine’s military intelligence service (HUR) officially honored a group of civilian cyber activists for the first time, recognizing their contributions to national security.
Pascal Geenens, Director of Threat Intelligence at Radware, says the IT Army of Ukraine remains a vital force in the cyber conflict, even if international attention has faded since 2022. “Top contributors are still active, running infrastructures of nearly 350 hosts and executing ongoing DDoS attacks with tools provided by the IT Army,” he explained. These attacks not only disrupt Russian services but also serve as smokescreens and sources of intelligence to support troops on the ground.
He emphasized the low barrier to entry: the IT Army has streamlined and documented its DDoS tools, making it easy for volunteers to join, with support readily available via Telegram. Looking ahead, Geenens believes the IT Army will continue to be a cyber force Russia must reckon with and argues that its model – public participation, crowdsourcing, and democratized cyber warfare – offers a template other countries may study in future conflicts.
One tech expert, speaking on condition of anonymity, told me that joining the IT Army is so simple that even his children – ages 13 and 11 – regularly participate in DDoS campaigns alongside the group.
Ted, the spokesperson for the IT Army, stated: “One of our key areas of focus was the financial sector – we hit 34 financial organizations and 37 other strategic targets, conducting 94 operations in total. This wasn’t just about disruption; it was about prioritizing real, measurable damage to Russia’s ability to sustain the war.”
Ted added: “2022 felt like a highway with no speed limits. We could pretty much hit anything, anywhere. Now, it’s a different game. Russia has invested a lot into cybersecurity, and breaking through their defenses takes more skill, more patience, and better tools.”
While the Ukrainian government has largely left the IT Army to operate independently, Ted says that’s by design, to let the state focus on conventional warfare. Still, Ted is hopeful that after the war, the government will protect volunteers from legal risks and learn from their experience. But it remains a concern, as volunteer hackers engaged in cyber warfare are operating in a legal gray area.
“The reality is, Russia will try again, whether in 5 years or 50, and when they do, Ukraine should be ready to roll out a cyber resistance instantly,” said Ted.
You can also highlight the text and press Ctrl + Enter
