it_army_of_russia

IT Army of Russia is a pro-Russian, pro-Kremlin hacktivist group that emerged in late March 2025. It communicates via the Duty-Free cybercrime forum and a Telegram channel with more than 800 subscribers. Reported activity in the provided content is focused primarily on Ukraine and includes attacks against Ukrainian organizations, especially Ukrainian websites and small Ukrainian businesses, as well as recruitment of insiders within Ukraine’s critical infrastructure. The group also uses cybercrime forums and Telegram to publish allegedly stolen data, solicit intelligence on Ukrainian military and civilian infrastructure for future attacks, and operate a Telegram bot to collect intelligence and suggest new targets. Intel 471 identified the group as mainly involved in DDoS attacks, and the content also attributes website defacements, data leaks, and claimed data theft to it. The group reportedly uses a tool called PanicBotnet for DDoS operations. In the provided reporting, IT Army of Russia claimed responsibility for an attack affecting Ukrposhta’s mobile application and alleged it had previously breached Ukrposhta infrastructure, accessed a server, and exfiltrated user and internal data, though those claims were not independently verified. Separate self-reported claims attributed to the group describe a destructive attack against Ukrainian housing and utilities-related infrastructure associated with info-gkh[.]com[.]ua, including malware distribution, encryption of victim systems, exfiltration of personal data, access to employee accounts and websites, and destruction of databases; these claims were also not independently verified. The group has also claimed leaks of databases from Ukrainian and Polish websites, including a real estate platform, a makeup retailer, and Poland’s educational platform. Known alias in the provided content: it_army_of_russia.