The hackers came from all over the world. Russian and Ukrainian government websites were knocked offline, antiwar messages were painted onto the home pages of Russian media outlets and data from rival hacking operations was leaked. They swarmed into chat rooms, waiting for new instructions.
The war in Ukraine has provoked an onslaught of cyberattacks by apparent volunteers unlike any that security researchers have seen in previous conflicts, creating widespread disruption, confusion and chaos that researchers fear could provoke more serious attacks by nation-state hackers, escalate the war on the ground or harm civilians.
The director of threat intelligence at the security firm said it was crazy and unprecedented. There will be participants that are not under government control.
The online battles have made it difficult for governments to understand who is attacking them and how to retaliate. Both Russia and Ukraine have created channels on the chat app Telegram to direct volunteers to target specific websites.
Palestine and Syria are places where hackers have inserted themselves before. The experts said that the efforts have attracted fewer people. The hundreds of hackers racing to support their governments represent a drastic and unpredictable expansion of cyberwarfare.
It is more difficult to determine who is responsible for an online attack because of the involvement of the volunteer hackers. Some of the hackers said they were Ukrainians. Some people said they were citizens of other countries who were interested in the conflict. It was difficult to verify their identities.
Their attacks are not as sophisticated as those made by nation-state hackers. While the Russian government has quietly penetrated American government agencies and Fortune 500 companies, the participants have used simpler methods to topple or deface websites.
While their tactics appear to have been successful in some instances, security researchers cautioned it was unrealistic to believe that volunteer hackers without specialized technical expertise would play a role in the military campaign on the ground.
Lukasz Olejnik, an independent cybersecurity researcher and a former cyberwarfare adviser for the International Committee of the Red Cross, said that the land invasion is progressing and people are suffering.
The volunteer hacking force is being recruited by Ukraine. Participants in Telegram channels cheer their collaboration with the government in going after targets such as Sberbank. There has not been the same kind of calls to action from Russia, where links between the government and hacking groups have long raised alarms.
Ukraine's minister of digital transformation, Mykhailo Fedorov, directed cybersecurity enthusiasts to a Telegram channel that contained instructions for knocking Russian websites offline.
The Telegram page for the I.T. Army of Ukraine has a 14-page introductory document about how people can participate. New targets include websites, telecommunications firms, banks and A.T.M. processors.
Yegor Aushev, the co- founder of the Ukrainian cybersecurity company Cyber Unit Technologies, said he was flooded with notes after posting on social media a call for programmers to get involved. A $100,000 reward was offered for those who identified flaws in the code of Russian cyber targets.
Mr. Aushev said there were more than 1,000 people involved in his effort. If someone vouched for them, they were allowed to join. They were aiming to hit high-impact targets like infrastructure and logistics systems important to the Russian military.
The biggest hacks against Russia will be soon, Mr. Aushev said.
The work was confirmed by a government spokesman.
It's difficult to figure out who is behind a cyberattack. Groups exaggerate the impact of their actions. There were attacks against Russian targets this week. The country's largest stock exchange, a state-controlled bank and the Russian Foreign Ministry were taken offline for a time after being targeted by Ukrainian volunteers.
Pro-Ukraine volunteers targeted the sites to share uncensored information with the Russian public about the war, so they stopped reviews at some locations.
The main Russian intelligence service's website was declared a target by the group on Wednesday. A picture was posted to the I.T. Army Telegram channel showing it had been taken down, a claim that could not be independently verified.
The group said on Telegram that they could not overcome their attacks.
The worst fears of military analysts and cybersecurity experts that Russia would use cyberattacks to take down critical Ukrainian infrastructure like energy, government services and internet access have not yet been realized.
Experts warned that the involvement of nongovernment groups could cause consequences. During a cyberattack on Ukrainian government and business computer systems in 2017, a malicious software attack against one target could quickly spill over and become uncontrollable. A government might retaliate against an amateur attack for a state-backed one.
They are taking steps on behalf of the government that can have very serious consequences for civilians. The chief public policy officer at the CyberPeace Institute said this is the big risk.
The founder of Hold Security said that attacks by volunteers on the Russian government were likely to get a strong response.
Those who support the Russian government and their invasion in Ukraine are preparing to retaliate against a number of different targets.
In a Telegram channel called Russian Cyber Front, pro-Russia hackers were instructed to target a Ukrainian government website which citizens can access digital copies of their drivers licenses and other documentation. It wasn't clear if their efforts succeeded.
There have been a number of cyberattacks on Ukrainian targets over the past two weeks, but no one knows who is behind them.
Microsoft said this week that there were attacks on Ukrainian government computer systems in the days before the invasion, and Ukrainian officials said Russia was behind another attack that took down some mobile services. CyberPeace Institute says there have been attacks against an English-language news outlet and a border control station.
Last week, a group known as Conti declared its support for Russia.
The apparent result of a hacking operation, internal files from Conti began to leak online. The files exposed discussions among members of the group and some of the digital wallet they used to hold.
There was no independent verification of whether the work done by the group called Belarusian Cyber Partisans was successful.
Cyber Partisans formed in 2020 to oppose the authoritarian government of President Alexander G. Lukashenko of Belarus.
The group began working with Ukrainian activists after Russia began using the country as a staging area for the invasion.
"This is war and you fight back," said a U.S.-based spokeswoman for the Cyber Partisans.