• Actual
  • Law and the media
  • Helpful
  • Work areas and campaigns
  • Reviews and monitoring
  • 7 exiled Belarusian media sites hit by DDoS attacks

    Web­sites of at least six exiled Belaru­sian news out­lets and one jour­nal­ists’ asso­ci­a­tion have been tar­get­ed since March by dis­trib­uted denial-of-ser­vice (DDoS) attacks, which aim to over­whelm web­sites with floods of inter­net traf­fic. 

    Anna Brakha joined CPJ as a Europe and Cen­tral Asia researcher in 2022. Pri­or to CPJ, she worked in dif­fer­ent struc­tures at the cross­roads of media and inter­na­tion­al rela­tions. She holds a master’s degree in inter­na­tion­al rela­tions and post-Sovi­et stud­ies from INALCO Uni­ver­si­ty and a Mas­ter of Sci­ence of Man­age­ment and Media and Dig­i­tal indus­tries from ESSEC Busi­ness School. She speaks French and Russ­ian.

    Staff at sev­er­al of the affect­ed out­lets said the increas­ing­ly fre­quent attacks appear to extend a pat­tern of transna­tion­al repres­sion linked to cov­er­age of polit­i­cal issues.

    The tar­get­ed media sites — all effec­tive­ly banned from oper­at­ing in Belarus after author­i­ties labeled them “extrem­ist” groups — include Zerka­loReform.newsNasha NivaPozirkMediazona.BelarusEuro­ra­dio, and the Belaru­sian Asso­ci­a­tion of Jour­nal­ists (BAJ), a trade group exiled since 2021. 

    For years, Belarus has harassed jour­nal­ists in exile with crim­i­nal cas­es in absen­tia, opaque inves­ti­ga­tions, intim­i­da­tion of their fam­i­lies, and prop­er­ty seizure. At least 21 jour­nal­ists remain behind bars in the coun­try, even after four were par­doned this year. 

    These repres­sive tac­tics are part of an ongo­ing crack­down since peace­ful protests swept the coun­try in 2020 in response to the dis­put­ed re-elec­tion of Pres­i­dent Alek­san­dr Lukashenko, who has been in pow­er since 1994. 

    While it can be dif­fi­cult to pin­point those respon­si­ble for DDoS attacks, edi­tors and jour­nal­ists at the out­lets tar­get­ed in the recent wave told CPJ they believed Belaru­sian author­i­ties might have sought to squash report­ing on par­tic­u­lar polit­i­cal top­ics, includ­ing events linked to Belarus’ exiled oppo­si­tion.

    Work disrupted 

    Zerka­lo

    For six days in late April, DDoS attacks forced staff of inde­pen­dent news por­tal Zerka­lo, which was found­ed by the for­mer team of the now-defunct Tut.by, to tight­en access to their web­site. To do this, they used addi­tion­al ver­i­fi­ca­tion steps, includ­ing Com­plete­ly Auto­mat­ed Pub­lic Tur­ing tests (CAPTCHAs), which are designed to con­firm site vis­it requests are from humans. 

    “Dur­ing this time, our tech­ni­cal team’s resources were direct­ed not toward prod­uct devel­op­ment for Zerka­lo, but toward strength­en­ing our infra­struc­ture,” Zerka­lo Direc­tor Ali­ak­san­dra Pushk­i­na told CPJ. 

    The out­let has since invest­ed addi­tion­al resources in devel­op­ing an ear­ly detec­tion sys­tem for DDoS attacks, Pushk­i­na added. 

    Pozirk

    RESIDENT.NGO, a dig­i­tal secu­ri­ty orga­ni­za­tion sup­port­ing civ­il soci­ety in East­ern Europe, doc­u­ment­ed two large-scale DDoS attacks against inde­pen­dent media out­let Pozirk in mid-May. Between May 9–10, the Pozirk web­site suf­fered a mas­sive, 12-hour DDoS attack involv­ing 14.38 bil­lion requests from over 31,000 dif­fer­ent IP address­es, accord­ing to RESIDENT.NGO. 

    Although Cloud­flare — a U.S.-based cyber­se­cu­ri­ty com­pa­ny that can mit­i­gate DDoS attacks — blocked more than 99% of the traf­fic, around 41 mil­lion requests bypassed its defens­es, caus­ing a near-total out­age. 

    A small­er attack on May 17–18, which also knocked Pozirk offline, appeared to use a coor­di­nat­ed net­work of bots to mim­ic stan­dard inter­net users, RESIDENT.NGO report­ed. The attack­ers sourced much of the traf­fic from major cloud providers, a U.S.-based host­ing ser­vice, and Tor, a decen­tral­ized glob­al pri­va­cy tool that routes inter­net traf­fic through mul­ti­ple relay servers to ensure anonymi­ty.

    Around the world, CPJ has tracked the use of cheap and acces­si­ble online tools to launch DDoS attacks against news sites, while mask­ing the iden­ti­ties of the per­pe­tra­tors. 

    Reform.news

    Inde­pen­dent news web­site Reform.news has been hit fre­quent­ly since March, staff said, and most recent­ly on June 2.

    “Attacks on our web­site cause the serv­er to be over­whelmed by requests, result­ing in the web­site going down,” said Edi­tor-in-Chief Fyo­dar Pauluchen­ka.

    To com­bat the attacks, Reform.news has enabled Cloudflare’s DDoS pro­tec­tion mode, which allows them to instant­ly restore ser­vice, Pauluchen­ka said. 

    “So far, the attacks do not appear to be seri­ous, and our tech­ni­cal capa­bil­i­ties allow us to fend them off,” he added.

    Euro­ra­dio

    Euro­ra­dio Edi­tor-in-Chief Yauhen Kazart­sau said that DDoS attacks on his out­let had become “reg­u­lar” since late April.

    “Each time, [DDoS attack­ers] use dif­fer­ent meth­ods,” Kazart­sau told BAJ. “On June 2, the attack last­ed sev­er­al hours until we fixed the vul­ner­a­bil­i­ty on the site that they had exploit­ed.” 

    Cloud­flare man­aged to block the “vast major­i­ty” of DDoS attacks, Kazart­sau said.

    Cloud­flare, which offers a free cyber­se­cu­ri­ty prod­uct to cer­tain civ­il soci­ety orga­ni­za­tions, like media out­lets, said in a recent annu­al report that DDoS attacks account­ed for over 80% of mali­cious traf­fic threat­en­ing those using it glob­al­ly.

    Cloudflare’s press ser­vice did not respond to CPJ’s emailed request for com­ment on how their ser­vice is adapt­ing to increased chal­lenges posed by DDoS attacks against Belaru­sian media out­lets.  

    Nasha Niva

    An edi­tor at Nasha Nivawhich was tar­get­ed on May 11, told CPJ on con­di­tion of anonymi­ty for fear of reprisal that the DDoS attack had “lit­tle impact on our oper­a­tions, as we face DDoS attacks all the time. … We counter them effi­cient­ly and quick­ly.”

    BAJ

    Barys Haret­s­ki, deputy chair­man of BAJ, told CPJ that their web­site was tar­get­ed “quite often,” most recent­ly on May 7, after they pub­lished a report on the expul­sion of the Russ­ian Union of Jour­nal­ists, a pro-Krem­lin asso­ci­a­tion, from the Inter­na­tion­al Fed­er­a­tion of Jour­nal­ists.

    Russ­ian state media reg­u­la­tor Roskom­nad­zor blocked BAJ’s web­site the same day. 

    “Obvi­ous­ly, after that we lost all our Russ­ian traf­fic,” Haret­s­ki said. 

    CPJ reached out to Mediazona.Belarus for com­ment on a March DDoS attack on its web­site, but did not imme­di­ate­ly receive a response.

    Censorship tactic 

    Jour­nal­ists at sev­er­al of the out­lets said inten­si­fied DDoS attacks coin­cid­ed with cov­er­age of sen­si­tive issues and polit­i­cal events.

    Pushk­i­na said she believes the attack in late April was “part of a coor­di­nat­ed attack by the Belaru­sian author­i­ties” to silence, among oth­er things, cov­er­age of the 40th anniver­sary of the 1986 Cher­nobyl nuclear plant explo­sion. Parts of Belarus were heav­i­ly con­t­a­m­i­nat­ed after that dis­as­ter, and cov­er­age of the anniver­sary is “tra­di­tion­al­ly silenced at the offi­cial lev­el,” Pushk­i­na said.

    She could not be cer­tain that a spe­cif­ic report trig­gered that attack, but anoth­er large-scale DDoS attack in July 2025 seemed to clear­ly tar­get a report about oppo­si­tion leader Svi­at­lana Tsikhanouskaya. 

    Since then, Zerka­lo has suf­fered six more attacks, with four since Feb­ru­ary 2026.

    “Both the scale and fre­quen­cy of attacks have increased com­pared to pre­vi­ous years,” Pushk­i­na told CPJ. 

    Edi­tors at the tar­get­ed out­lets said attack­ers may have want­ed to smoth­er report­ing on the May elec­tions for the Coor­di­na­tion Coun­cil, a non-gov­ern­men­tal demo­c­ra­t­ic oppo­si­tion body oper­at­ing in exile. On May 11, the Coor­di­na­tion Council’s online vot­ing plat­form was itself tar­get­ed by a large-scale DDoS attack

    Kazart­sau said that DDoS attacks on Euro­ra­dio had become reg­u­lar “rough­ly since the start of vot­ing for the Coor­di­na­tion Coun­cil elec­tions.” 

    Pushk­i­na and the Nasha Niva edi­tor sim­i­lar­ly linked recent attacks on their site to the elec­tions, as did RESIDENT.NGO regard­ing the May attacks on Pozirk. 

    The attacks “demon­strate that the author­i­ties in Min­sk have the means to par­a­lyze the oper­a­tion of any web­site,” Pauluchen­ka told CPJ.

    Pauluchen­ka told CPJ that DDoS attacks on Reform.news became more fre­quent around Belarus’ Free­dom Day on March 25, which com­mem­o­rates the cre­ation of the Belaru­sian People’s Repub­lic in 1918. 

    Belaru­sian author­i­ties have banned cel­e­bra­tion of the day, which is asso­ci­at­ed with oppo­si­tion to Lukashenko’s gov­ern­ment. Reform.news had pub­lished sto­ries about it, but Pauluchen­ka said he did not believe a spe­cif­ic piece of con­tent trig­gered the attacks.

    “This seems more like a new tac­tic by the Belaru­sian author­i­ties — to cre­ate con­stant obsta­cles for inde­pen­dent media,” Pauluchen­ka explained. “Per­haps they are try­ing to force us to spend more on host­ing. We specif­i­cal­ly moved from cloud host­ing to a sep­a­rate ded­i­cat­ed serv­er to con­trol costs in the event of an attack. It is eas­i­er for us to take the site offline than to spend thou­sands of euros on pro­tec­tion against attacks.” 

    Belarus’ Min­istry of Infor­ma­tion, which reg­u­lates and enforces the government’s media pol­i­cy, did not respond to CPJ’s email on June 15 request­ing com­ment about the DDoS attacks.

    The most important news and materials in our Telegram channel — subscribe!
    @bajmedia
    Most read
    Every day send to your mailbox: actual offers (grants, vacancies, competitions, scholarships), announcements of events (lectures, performances, presentations, press conferences) and good content.