Hackers, allegedly linked to Russia, have compromised dozens of email accounts of Ukrainian prosecutors, Reuters writes in an exclusive material. The attack has also affected Balkan countries, including Bulgaria, the agency added, BTA reported.
Hackers have penetrated a wide range of emails of Ukrainian investigators, including those of high-ranking officials, the agency said. The spying campaign has also affected military and government accounts in Romania, Greece, Bulgaria and Serbia. Cyber threat experts attribute the attacks to Russia, Reuters adds.
The agency's material says that hackers have penetrated more than 170 email accounts of prosecutors and investigators in Ukraine in the past few months. The agency is based on data that it has thoroughly reviewed. They provide insight into a campaign that shows how Russian services are monitoring Ukrainian officials tasked with exposing corruption and Russian collaborators in Ukraine.
The data was inadvertently "leaked" onto the internet by the hackers themselves and discovered by Ctrl-Alt-Intel - a team of British and American cyber threat experts. According to them, the inadvertently released information about the attack showed that the hackers had penetrated at least 284 mailboxes between September 2024 and March 2026. Most of the victims were in Ukraine, but there were also those in neighboring NATO countries and the Balkans.
The operation was first described last month in a blog post by Ctrl-Alt-Intel. Reuters has reviewed the initial data from the group and is now publishing details of the attacks for the first time, including the names of more than a dozen European agencies and officials affected.
The Russian embassy in Washington did not respond to requests for comment. Moscow has repeatedly denied carrying out hacking operations against other countries.
Ctrl-Alt-Intel attributed the campaign to the Russian hacking group Fancy Bear, which is linked to the Russian military. Two cybersecurity researchers - Mathieu Fau of ESET and Feike Hackebord of TrendAI - who also analyzed the data from the attack also agree that the hackers were linked to Moscow. However, Fau could not confirm Fancy Bear’s involvement, and Hackboard disputes it.
The hackers likely targeted Ukrainian law enforcement agencies to obtain information about investigations into Russian spies in Ukraine or to gather compromising information about senior officials in Kiev, said Keir Giles of the British think tank "Chatham House".
The data shows that accounts belonging to the Specialized Defense Prosecutor’s Office were attacked - a body created during the war to combat corruption and uncover spies in the Ukrainian army. The Agency for the Search and Management of Assets, as well as the Prosecutor’s Office Training Center in Kiev, were also affected. Among the victims was Yaroslava Maksimenko, who was the head of the Agency for the Search and Management of Assets at the time. The mailboxes of 44 employees at the Training Center were compromised, including that of Deputy Director Oleg Duka.
The Russians are also believed to have stolen data from at least one high-ranking official of the Specialized Anti-Corruption Prosecutor's Office, which is investigating some of the most significant corruption scandals in Ukraine.
The individuals and institutions involved did not respond to requests for comment. Ukraine's computer incident response team said it was aware of the attack and had already investigated some of the compromised cases.
Data shows that hackers also penetrated the email account of the Central City Hospital in Pokrovsk, as well as a mailbox of the city's finance committee.
Dozens of employees in neighboring NATO countries were also affected.
In Romania, at least 67 air force email accounts were compromised, including those linked to NATO bases and at least one high-ranking military officer.
In Greece, 27 accounts of the General Staff of the National Defense were affected, including those of military attaches in India and Bosnia.
In Bulgaria, hackers penetrated at least four mailboxes of local officials in the Plovdiv region, where Russian interference was alleged to have led to the shutdown of satellite navigation services ahead of a visit by the President of the European Commission Ursula von der Leyen last year. Bulgarian authorities did not respond to Reuters requests for comment.
The data also shows attacks on scientists and military personnel in Serbia - a traditional ally of Russia.