Following Russia’s invasion of Ukraine on 24 February 2022, Ukraine’s head of the Ministry of Digital Transformation, Mykhailo Fedorov, announced on Telegram the creation of an IT army in Ukraine to fight on the cyber front and to ask for volunteers.[1]
Translation of Figure 1:
The IT army of Ukraine is a very simple concept: it is based on botnets, computer networks that organise only one type of attack in 90 per cent of cases, distributed denial of service (DDoS)) attacks. To execute a DDoS attack at scale, hackers typically form a botnet, a network of computers and devices that work together to bombard the target with requests. In the case of the IT Army, volunteers contribute their own computing power, effectively turning thousands of individual machines into a coordinated digital weapon. The more devices involved in a DDoS attack, the more difficult it becomes for the target to withstand the attack.[2]
The IT army of Ukraine grew from a grassroots digital group that has grown to 300,000 or 400,000 individuals globally, posing challenges in terms of maintaining membership levels and increasing membership levels.
The targets for the IT Army of Ukraine include Russian Government websites, and Russian media sites. In June 2024, the group claimed responsibility for the largest DDoS attack in history, crippling Russian banks and disrupting financial networks. The IT Army has coordinated attacks with Ukrainian intelligence services, launching DDoS strikes on Russian CCTV networks to disrupt enemy surveillance during drone strikes on Russian oil refineries.[3]
Translation of Figure 2, dated March 14, 2024[4]:
The IT army of Ukraine attacked a number of government and local portals, including the Troika fare payment system. This is one of the largest ticketing systems in Russia, serving 38 regions. As a result, transport card holders in the Moscow and Kazan regions were unable to pay for their tickets or top up their travel cards.
The IT Army of Ukraine was originally set up and managed by the Ukrainian Ministry of Digital Transformation; the ministry's role has since declined to non- operational support, with the IT Army of Ukraine now led entirely by its own members. In terms of funding, the IT army crowdfunding campaigns and relies on volunteers for coordination, reflecting the decentralised model of the IT army of Ukraine.
The IT army of Ukraine has agreed not to attack healthcare or humanitarian facilities based upon the International Committee of the Red Cross rules of engagement for civilian hackers involved in conflicts.[5] It highlights the ethical stance that the IT Army of Ukraine has now taken.
From an army perspective, the IT Army of Ukraine puts forward an interesting model. The model highlights how 300,000 to 400,000 volunteers globally can be recruited into a volunteer entity. But the model poses some interesting issues, such as how to integrate a civilian ad hoc organisation into military operations and the type of military operations that they could be used for. Once the conflict is over, is the volunteer group disbanded or are they integrated into a formal organisation with command and control and oversight functions? Another challenge is how to deal with the potential issue of insider threats when you have a large volume of online volunteers who are not physically known or cannot easily be security vetted.
RMIT University has written Occasional Paper 35, titled Cyber Security - Partnership Between Defence, Society and Private Companies - Lessons from Ukraine, providing recommendations on how Defence and the Australian Army could work with civil society and industry to bolster Australia’s cyber capacity and to meet new and evolving cyber threats.
Endnotes
[1] Fedorov, Telegram Channel, Edited 27 February 2022, https://t.me/zedigital/1114
[2] David Kirichenko, 24 March 2024, ‘Ukraine’s IT Army is Waging a Crowdsourced Cyber War Against Russia’, https://smallwarsjournal.com/2025/03/24/ukraines-it-army-is-waging-a-crowdsourced-cyber-war-against-russia/
[3] IT Army of Ukraine, Telegram channel, Edited 21 June 2024, https://t.me/itarmyofukraine2022/2280
[4] Telegram channel, 14 March 2024, https://t.me/mintsyfra/5255
[5] Joe Tidy, ‘Rules of engagement issued to hacktivists after chaos, 4 October 2023, https://www.bbc.com/news/technology-66998064
