Russian Hackers Breach Over 170 Ukrainian Prosecutor Email Accounts

Severity: High (Score: 74.0)

Sources: Kyivindependent, Globalbankingandfinance, News.Az, www.reuters.com, English.Nv.Ua

Summary

A hacking campaign attributed to a Russia-linked group, likely Fancy Bear, compromised over 284 email accounts belonging to Ukrainian prosecutors and investigators from September 2024 to March 2026. The breach was discovered through data inadvertently exposed by the hackers, which was identified by Ctrl-Alt-Intel, a collective of British and American cyber threat researchers. The targeted accounts included those from the Specialized Anti-Corruption Prosecutor's Office (SAPO) and the Asset Recovery and Management Agency (ARMA). Additionally, the hackers accessed accounts of officials in neighboring NATO countries, including the Romanian Air Force and Greece's military. Analysts suggest the hackers aimed to gather intelligence on ongoing investigations into Russian spies or to obtain compromising information on Ukrainian officials. The Russian embassy in Washington has not responded to inquiries regarding the breach. The incident highlights the continuing cyber espionage efforts linked to Moscow amid the ongoing conflict in Ukraine.

Key Points:

  • Over 284 email accounts of Ukrainian prosecutors and investigators were compromised.
  • The breach was attributed to a Russia-linked group, likely Fancy Bear.
  • The hackers targeted not only Ukraine but also officials in NATO countries.

Key Entities

  • Fancy Bear (apt_group)
  • Data Breach (attack_type)
  • ARMA (company)
  • Central City Hospital In Pokrovsk (company)
  • General Staff Of National Defense (company)
  • Greece’s Joint Armed Forces Mental Health Center (company)
  • Hellenic National Defense General Staff (company)
  • Bulgaria (country)
  • Greece (country)
  • India (country)
  • Romania (country)
  • Russia (country)
  • T1078 - Valid Accounts (mitre_attack)