IT Army of Ukraine
Pro-Ukraine volunteer collective established 26 February 2022 by Ukrainian Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov, via a Telegram channel that publishes target lists. Operates a continuous low-level DDoS tempo against Russian government services, banks, payment processors, railways, ISPs, and state media, alongside more intermittent leak operations. The architecture is the mirror of NoName057(16)'s DDoSia — a coordinated volunteer-pool DDoS service driven by daily Telegram target lists.
Aliases
Motivations
Target sectors
Target countries
Diamond Model
Caltagirone / Pendergast / Betz 2013 — four-vertex attribution framework.
MITRE ATT&CK techniques
Timeline
4 events- CompromiseHigh2024-06-20·Ukrainska Pravda
IT Army claims large-scale DDoS against Russian banks and the Mir payment system
Ukrainska Pravda reported that the IT Army of Ukraine claimed a large-scale DDoS operation against the Russian banking system, including the National Payment Card System (NSPK) which operates Mir cards. According to the group and Russian state media coverage, services at VTB, Sberbank, Tinkoff, Alfa-Bank, Gazprombank and several telecommunications operators were intermittently unavailable, with disruption reported from around 10:00 local time and peaking near 14:00 before being contained. The IT Army described it as 'possibly the largest DDoS attack in history'; NSPK characterised the impact as short-lived.
ddosrussiabankingmir-payment-system - ReportInfo2023-08-15·CSIS
CSIS documents the evolution of the IT Army into a structured operation
CSIS's Strategic Technologies Blog published an analysis tracing the IT Army's evolution from an ad-hoc volunteer effort into a more structured organisation with ongoing support from Ukrainian officials. The piece reports a public Telegram membership that peaked around 300,000 in March 2022 and declined to roughly 170,000 by August 2023, and cites estimates of around 65,000 active volunteers in May 2022 and approximately 2,000 attacks conducted by June 2022.
reportukrainetelegramddos - ReportInfo2022-06-22·Center for Security Studies, ETH Zurich
CSS Zurich publishes first comprehensive analysis of the IT Army of Ukraine
The Center for Security Studies (CSS) at ETH Zurich published 'The IT Army of Ukraine: Structure, Tasking, and Ecosystem' by Stefan Soesanto, describing the initiative as a hybrid construct that is 'neither civilian nor military, neither public nor private, neither local nor international, and neither lawful nor unlawful'. The report documents how, in the absence of a dedicated Ukrainian military cyber command, Kyiv merged emerging state cyber capabilities with a large international volunteer community and an ad-hoc Telegram-based tasking model.
reportacademiccss-zurichukraine - AnnouncementInfo2022-02-26·Ukrainska Pravda
Ukrainian minister Fedorov announces creation of an 'IT Army'
Two days after Russia's full-scale invasion, Ukraine's Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov announced via social media the creation of an 'IT Army' and pointed volunteers to a dedicated Telegram channel publishing operational tasks. Ukrainska Pravda quoted Fedorov: 'We are creating an IT Army. All operational tasks will be posted [here]. There's plenty to do for everyone. We continue our fight at the cyber-front.' The channel grew rapidly and an initial target list focused on Russian government, banking and corporate sites including Sberbank and the Moscow Stock Exchange.
announcementukraineddosvolunteer
Indicators of compromise
0 indicatorsRelated actors
shared ATT&CK techniques- ?? · UnknownAnonymous Sudan2 shared techniques
- RU · RussiaKillNet2 shared techniques
- RU · RussiaNoName057(16)2 shared techniques
References
cite this page
Threat Intel Tracker. (2026-07-15). IT Army of Ukraine — actor profile. Retrieved from https://threatintel.local/actors/it-army-of-ukraine