
Ukraine’s IT Army is Waging a Crowdsourced Cyber War Against Russia

03.24.2025 at 06:00am

Since Russia’s full-scale invasion of Ukraine in 2022, cyberattacks have become a routine part of the conflict. Helping lead Ukraine’s cyber offensives is the IT Army of Ukraine, a decentralized hacking force that has launched relentless cyber offensives against Russia’s digital infrastructure. In June 2024, the group claimed responsibility for the largest Distributed Denial of Service (DDoS) attack in history, crippling Russian banks and disrupting financial networks. But as the war drags on, the IT Army faces a new challenge: how to scale its operations without relying on traditional recruitment methods.

Formed in response to Russia’s invasion at the initiative of Ukraine’s Minister of Digital Transformation, Mykhailo Fedorov, the IT Army quickly amassed hundreds of thousands of volunteers. Its operations rely on a simple tactic: DDoS attacks. These attacks work by flooding a target—such as a website, server, or network—with an overwhelming amount of traffic, rendering it slow, unresponsive, or completely offline.

On their Telegram channel, the IT Army advertises that the “IT ARMY Kit is a simple and effective tool for cyber resistance against Russian aggression.”

To execute a DDoS attack at scale, hackers typically form a botnet—a network of computers and devices that work together to bombard the target with requests. In the case of the IT Army, volunteers contribute their own computing power, effectively turning thousands of individual machines into a coordinated digital weapon. The more devices involved, the more difficult it becomes for the target to withstand the attack.

Nick Kesler, a security expert who has built DDoS-resistant services for years, explained: “The key to sustaining a dedicated DDoS campaign is mimicking real expected traffic as closely as possible and sourcing it from expected customer geographies or IP ranges.”

He adds, “A successful attack must be as varied in nature as possible, with planned shifts over time as defenses are put in place. The goal is to keep defenders on their heels, forcing them to constantly pivot to combat the newest wave.” Kesler also emphasizes the importance of timing: “Coordinating attacks with service or country-specific events can make the effects more impactful and significantly harder to recover from.”

The IT Army estimates that its cyberattacks have inflicted well over a billion dollars in economic damage on Russia. Following a recent cyberattack, the IT Army took to Telegram to declare: “Our actions are starting to look more and more like a Hollywood hacker movie, just without the popcorn.” The IT Army also managed to take down Moscow’s largest internet provider for ten days. Celebrating the success, they remarked: “Is that a record already, or not yet?”

“While not garnering the same level of media attention as it did in its early days, the IT Army is still going strong,” said Pascal Geenens, the Director for Threat Intelligence for Radware. “Their online DDoS leaderboard is continuously updated, and top contributors are running infrastructures of nearly 350 hosts that are continuously performing attacks leveraging the DDoS automation tools provided by the IT Army.”

Yet maintaining this offensive requires constant reinforcement. Over time, casual supporters have disengaged, leaving only the most dedicated volunteers. As Ted, an IT Army spokesperson, stated: “We need more people dedicating hardware capacity to the fight.” Recruiting, however, has become more difficult. Social media platforms such as Twitter/X and Facebook ban content promoting cyberattacks, limiting the IT Army’s ability to attract new volunteers.

Despite these challenges, Ukraine’s cyber forces remain as effective as ever. The IT Army has coordinated attacks with Ukrainian intelligence services, launching DDoS strikes on Russian CCTV networks to disrupt enemy surveillance during drone strikes on Russian oil refineries.

Russia has felt the cyber sting. Dmitry Gribkov, an aide to the Russian Security Council secretary, claimed that Ukraine’s IT Army is an international hacking group trained under Western supervision to target Russia’s information infrastructure and steal sensitive data. In a fit, he warned that these hackers, backed by Western sponsors, could eventually redirect their cyber capabilities against other nations, including their alleged backers.

A Russian cybersecurity firm reported that the IT Army of Ukraine remains the most active hacking group targeting Russian digital infrastructure and that DDoS attacks increased by at least 50% in 2024. The group predicts that as long as Russia’s war continues, Ukraine’s cyber offensives will grow in scale and impact.

Following a poll on the IT Army’s Telegram channel asking users whether there should be a ceasefire, one user responded: “In cyberspace – no! But in real life – yes, let the guys stop dying and see their families. Again: a truce does not mean forgiveness. Such things are not forgiven; the guilty must be punished.”

Scaling these operations will require creative solutions beyond technical expertise. The IT Army’s next challenge is not just about cyber warfare—it is about convincing ordinary people that they can participate in a decentralized, digital resistance from anywhere in the world.

“It is very easy for anyone to contribute. The IT Army enhanced existing DDoS tools and packaged them in a convenient way so they can be easily installed,” said Geenens. “The whole process has been elaborately documented on their website. Individuals having issues during the installation can always find support through the IT Army Telegram channel.”

Ted admitted, “Our communication isn’t perfect, but our tools are incredibly user-friendly—plug-and-play, no advanced knowledge required.”

(Editor’s note: All unsourced quotes are from the author’s interviews with the respondents).

About The Author

  • David Kirichenko

    David Kirichenko is a freelance journalist and an Associate Research Fellow at the Henry Jackson Society, a London-based think tank. He can be found on X @DVKirichenko.
