HOMETHREATSCyber Partisans
APT / THREAT GROUP💰 FINANCIALHIGH

Cyber Partisans

🇧🇾Belarus-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and infrastructure in Belarus and Ukraine. They have hacked and wiped the network of the Belarusian Telegraph Agency, targeted the Belarusian Red Cross, and conducted ransomware attacks on the Belarusian Railway and Belarusian State University. The group aims to expose alleged crimes committed by pro-government organizations and disrupt operations supporting the Russian military operation against Ukraine. They have also leaked stolen data to journalists and expressed support for Ukraine.

Threat Analysis

Cyber Partisans is a high-sophistication threat actor attributed to Belarus, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like Cyber Partisans prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Cyber Partisans is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Known Campaigns

Cyber Partisans — Active Operations March 2026

Cyber Partisans is a financial threat actor attributed to Belarus. The Cyber Partisans, a hacktivist group based in Belarus, has been involved in various cyber-attacks targeting organizations and infrastructure in Belarus and Ukraine. They have hacked and wiped the network of the Belarusian Telegraph Agency, targeted the Belarusian Red Cross, an...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Origin🇧🇾 Belarus
Aliases1
SourceMalpedia

Also Known As

Cyber Partisans

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.