7 exiled Belarusian media sites hit by DDoS attacks

Websites of at least six exiled Belarusian news outlets and one journalists’ association have been targeted since March by distributed denial-of-service (DDoS) attacks, which aim to overwhelm websites with floods of internet traffic. 

Staff at several of the affected outlets said the increasingly frequent attacks appear to extend a pattern of transnational repression linked to coverage of political issues.

The targeted media sites — all effectively banned from operating in Belarus after authorities labeled them “extremist” groups — include Zerkalo, Reform.news, Nasha Niva, Pozirk, Mediazona.Belarus, Euroradio, and the Belarusian Association of Journalists (BAJ), a trade group exiled since 2021. 

For years, Belarus has harassed journalists in exile with criminal cases in absentia, opaque investigations, intimidation of their families, and property seizure. At least 21 journalists remain behind bars in the country, even after four were pardoned this year. 

These repressive tactics are part of an ongoing crackdown since peaceful protests swept the country in 2020 in response to the disputed re-election of President Aleksandr Lukashenko, who has been in power since 1994. 

While it can be difficult to pinpoint those responsible for DDoS attacks, editors and journalists at the outlets targeted in the recent wave told CPJ they believed Belarusian authorities might have sought to squash reporting on particular political topics, including events linked to Belarus’ exiled opposition.

Work disrupted 

Zerkalo

For six days in late April, DDoS attacks forced staff of independent news portal Zerkalo, which was founded by the former team of the now-defunct Tut.by, to tighten access to their website. To do this, they used additional verification steps, including Completely Automated Public Turing tests (CAPTCHAs), which are designed to confirm site visit requests are from humans. 

“During this time, our technical team’s resources were directed not toward product development for Zerkalo, but toward strengthening our infrastructure,” Zerkalo Director Aliaksandra Pushkina told CPJ. 

The outlet has since invested additional resources in developing an early detection system for DDoS attacks, Pushkina added. 

Pozirk

RESIDENT.NGO, a digital security organization supporting civil society in Eastern Europe, documented two large-scale DDoS attacks against independent media outlet Pozirk in mid-May. Between May 9-10, the Pozirk website suffered a massive, 12-hour DDoS attack involving 14.38 billion requests from over 31,000 different IP addresses, according to RESIDENT.NGO. 

Although Cloudflare — a U.S.-based cybersecurity company that can mitigate DDoS attacks — blocked more than 99% of the traffic, around 41 million requests bypassed its defenses, causing a near-total outage. 

A smaller attack on May 17-18, which also knocked Pozirk offline, appeared to use a coordinated network of bots to mimic standard internet users, RESIDENT.NGO reported. The attackers sourced much of the traffic from major cloud providers, a U.S.-based hosting service, and Tor, a decentralized global privacy tool that routes internet traffic through multiple relay servers to ensure anonymity.

Around the world, CPJ has tracked the use of cheap and accessible online tools to launch DDoS attacks against news sites, while masking the identities of the perpetrators. 

Reform.news

Independent news website Reform.news has been hit frequently since March, staff said, and most recently on June 2.

“Attacks on our website cause the server to be overwhelmed by requests, resulting in the website going down,” said Editor-in-Chief Fyodar Pauluchenka.

To combat the attacks, Reform.news has enabled Cloudflare’s DDoS protection mode, which allows them to instantly restore service, Pauluchenka said. 

“So far, the attacks do not appear to be serious, and our technical capabilities allow us to fend them off,” he added.

Euroradio

Euroradio Editor-in-Chief Yauhen Kazartsau said that DDoS attacks on his outlet had become “regular” since late April.

“Each time, [DDoS attackers] use different methods,” Kazartsau told BAJ. “On June 2, the attack lasted several hours until we fixed the vulnerability on the site that they had exploited.” 

Cloudflare managed to block the “vast majority” of DDoS attacks, Kazartsau said.

Cloudflare, which offers a free cybersecurity product to certain civil society organizations, like media outlets, said in a recent annual report that DDoS attacks accounted for over 80% of malicious traffic threatening those using it globally.

Cloudflare’s press service did not respond to CPJ’s emailed request for comment on how their service is adapting to increased challenges posed by DDoS attacks against Belarusian media outlets.  

Nasha Niva

An editor at Nasha Niva, which was targeted on May 11, told CPJ on condition of anonymity for fear of reprisal that the DDoS attack had “little impact on our operations, as we face DDoS attacks all the time. … We counter them efficiently and quickly.”

BAJ

Barys Haretski, deputy chairman of BAJ, told CPJ that their website was targeted “quite often,” most recently on May 7, after they published a report on the expulsion of the Russian Union of Journalists, a pro-Kremlin association, from the International Federation of Journalists.

Russian state media regulator Roskomnadzor blocked BAJ’s website the same day. 

“Obviously, after that we lost all our Russian traffic,” Haretski said. 

CPJ reached out to Mediazona.Belarus for comment on a March DDoS attack on its website, but did not immediately receive a response.

Censorship tactic 

Journalists at several of the outlets said intensified DDoS attacks coincided with coverage of sensitive issues and political events.

Pushkina said she believes the attack in late April was “part of a coordinated attack by the Belarusian authorities” to silence, among other things, coverage of the 40th anniversary of the 1986 Chernobyl nuclear plant explosion. Parts of Belarus were heavily contaminated after that disaster, and coverage of the anniversary is “traditionally silenced at the official level,” Pushkina said.

She could not be certain that a specific report triggered that attack, but another large-scale DDoS attack in July 2025 seemed to clearly target a report about opposition leader Sviatlana Tsikhanouskaya. 

Since then, Zerkalo has suffered six more attacks, with four since February 2026.

“Both the scale and frequency of attacks have increased compared to previous years,” Pushkina told CPJ. 

Editors at the targeted outlets said attackers may have wanted to smother reporting on the May elections for the Coordination Council, a non-governmental democratic opposition body operating in exile. On May 11, the Coordination Council’s online voting platform was itself targeted by a large-scale DDoS attack. 

Kazartsau said that DDoS attacks on Euroradio had become regular “roughly since the start of voting for the Coordination Council elections.” 

Pushkina and the Nasha Niva editor similarly linked recent attacks on their site to the elections, as did RESIDENT.NGO regarding the May attacks on Pozirk. 

The attacks “demonstrate that the authorities in Minsk have the means to paralyze the operation of any website,” Pauluchenka told CPJ.

Pauluchenka told CPJ that DDoS attacks on Reform.news became more frequent around Belarus’ Freedom Day on March 25, which commemorates the creation of the Belarusian People’s Republic in 1918. 

Belarusian authorities have banned celebration of the day, which is associated with opposition to Lukashenko’s government. Reform.news had published stories about it, but Pauluchenka said he did not believe a specific piece of content triggered the attacks.

“This seems more like a new tactic by the Belarusian authorities — to create constant obstacles for independent media,” Pauluchenka explained. “Perhaps they are trying to force us to spend more on hosting. We specifically moved from cloud hosting to a separate dedicated server to control costs in the event of an attack. It is easier for us to take the site offline than to spend thousands of euros on protection against attacks.” 

Belarus’ Ministry of Information, which regulates and enforces the government’s media policy, did not respond to CPJ’s email on June 15 requesting comment about the DDoS attacks.