According toReuters, the Ukrainian government asked for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions againstRussian troops.Yegor Aushev, the co-founder of a Ukrainiancybersecurity firmHacken,[7] wrote, "Ukrainian cybercommunity! It's time to get involved in the cyber defense of our country," asking hackers and cybersecurity experts to submit an application listing their specialties, such as malware development and professional references.[8][9]
Furthermore, the Ukrainian government broadcast a global call for the participationhackers,hacktivists, and regular computer users alike, the first time a nation-state has done so, thus further shaping cyberwarfare doctrine.[10][11]
The volunteers who joined the group are divided into offensive and defensive cyber units. While the offensive volunteer unit would assist Ukraine's military in conducting digital espionage operations against invadingRussian forces, the defensive unit would be employed to defend infrastructure such as power plants and water systems.[1]
The Ukrainian government usedTwitter andTelegram to share a list of Russian and Belarusian targets for the army to attack.[12] As time went on, the dissemination of target information became more structured,[13] with attacks primarily consisting ofdenial-of-service attacks using a variety of open-source tools.[14] Russian ransomware operators responded by offering their assistance to counter the Ukrainian effort.[15]
Fedorov requested the assistance of cyber specialists and tweeted a Telegram with a list of 31 websites of Russian business and state organizations.[16][17][5]
On 28 February 2022, the IT Army hacked the website of theMoscow Stock Exchange. The IT Army posted that it had taken them only five minutes to render the website inaccessible.[18][19][20]
On the same day, the IT Army hacked the website ofSberbank, Russia's largest bank. The IT Army had also launched attacks on otherRussian andBelarusian sites, including the government websites of Russia and Belarus, theFSB, and the Belarusian state news agencyBelTA, among others.[17][21]
According to Reuters, the group targets Russian power grids and railways to prevent Russian infrastructure from reaching Ukraine.[2] This included technologies such asGLONASS.[2]
Eight hundred Russian websites, includingRoscosmos, were attacked by the IT Army from 27 June to 10 July. They posted congratulatory messages to Ukrainian Constitution Day on those websites. Additionally, distributed denial-of-service attacks carried out by the IT army have crippled the Russian ability to work on some CRM systems for extended periods.[22]
In September 2022, the group had reportedly collaborated withAnonymous to commit a cyberattack againstYandex Taxi's systems, resulting in a traffic jam inMoscow.[24]
The group claimed to have successfully hacked the website of the notorious Russian paramilitary group, theWagner Group, and stolen the personal data of its members. On the defaced website, photos of dead soldiers were shown afterward.[25]
On 3 August 2025, ten days after the launch of thenuclear submarineKnyaz Pozharsky, Ukrainian hackers obtained numerous classified documents revealing the vessel’s capabilities and limitations and published them in open access.[28]
IT Army uses Clearview’sfacial recognition system to identify the bodies of Russian soldiers killed in combat and to inform their families of their deaths, with the aim of provoking internal unrest in Russia. Surveillance researcher Stephanie Hare describes this activity aspsychological warfare and suggests that, conversely, it could strengthen anti-Ukrainian sentiment in Russia.[29]
