Back

Espionage Allegations Target North Macedonia Presidential Office

Severity: Medium (Score: 53.0)

Sources: Bta.Bg, Novinite

Published: 2026-05-21 · Updated: 2026-05-21

Keywords: espionage, office, north, macedonia, president, attention, case

Summary

An espionage scandal involving the North Macedonia President's Office has emerged, with allegations of unauthorized access to classified information. An anonymous report claims that an IT administrator copied and decrypted sensitive data intended for foreign intelligence services. The investigation, initiated by the Prosecutor's Office in December 2025, is examining potential links to other staff and attempts to obstruct the inquiry. Senior officials are accused of pressuring for the case to be closed, while the Cybercrime Unit is analyzing a large volume of electronic evidence. The investigation is ongoing, with results expected to be submitted soon. The President's Office has denied retaining surveillance footage related to the incident, complicating the investigation. Key Points: • An IT administrator in the President's Office is suspected of espionage activities. • The investigation began in December 2025, focusing on unauthorized data access. • Senior officials allegedly attempted to halt the investigation into the espionage claims.

Detailed Analysis

**Impact** The alleged espionage affects the office of the President of North Macedonia and potentially the national Intelligence Agency. Confidential data from presidential administration computers may have been copied, decrypted, and intended for foreign intelligence services. The scope includes sensitive government information, with possible operational disruption due to ongoing investigations and internal pressure to halt inquiries. The incident impacts national security and governance within North Macedonia. **Technical Details** The attack vector involves unauthorized access to presidential office computer systems, with data copying and decryption by an IT administrator suspected of foreign intelligence contacts. The Cybercrime Unit initiated the investigation after receiving a tip about illegal activities, leading to court-approved data extraction from personal and portable computers. No specific malware, CVEs, or infrastructure details are mentioned. The investigation is in the evidence analysis phase, with no IOCs publicly disclosed. **Recommended Response** Defenders should prioritize monitoring for unauthorized data access and exfiltration attempts within government networks, especially targeting administrative and IT personnel accounts. Conduct thorough audits of privileged user activities and enforce strict access controls on sensitive systems. Maintain collaboration with law enforcement and cybersecurity units for timely intelligence sharing. No specific patches or malware detections are identified; focus on network and endpoint monitoring for anomalous behavior.

Source articles (2)

  • Espionage Case Targets Presidential Office in North Macedonia, Officials Deny Wrongdoing — Novinite · 2026-05-21
    A developing espionage case linked to the office of the President of North Macedonia , Gordana Siljanovska-Davkova, is drawing significant public and media attention, according to reporting cited by B…
  • Suspicions of Espionage over Alleged Leaks from North Macedonia President's Office Draw Attention — Bta.Bg · 2026-05-20
    An alleged espionage scandal involving the office of the President of North Macedonia has been drawing significant media and public attention in the country since Tuesday. The allegation was first rep…

Timeline

  • 2025-11-24 — Illegal activities reported: The Cybercrime Unit received information indicating illegal activities within the presidential administration.
  • 2025-12-18 — Investigation initiated by Prosecutor's Office: The Prosecutor's Office began a preliminary investigation into unauthorized activities in the President's Office after receiving a tip-off.
  • 2026-05-20 — Media reports on espionage allegations: Reports surfaced detailing allegations of espionage involving the President's Office, drawing public attention.
  • 2026-05-21 — Officials deny wrongdoing: Prime Minister Hristijan Mickoski criticized the anonymous report and denied any wrongdoing by the administration.

Related entities

  • Data Breach (Attack Type)
  • Basic Criminal Court (Company)
  • Intelligence Agency (Company)
  • Ministry Of Interior (Company)
  • Office Of The President Of North Macedonia (Company)
  • Presidential Administration Of North Macedonia (Company)
  • Prosecutor's Office For Combating Organized Crime And Corruption (Company)
  • North Macedonia (Country)
  • Government (Industry)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed