Russian hackers have breached the email accounts of Ukrainian prosecutors: what is known
15 April 15:10
According to Reuters, over the past few months, hackers linked to Russia have hacked more than 170 email accounts belonging to Ukrainian prosecutors and investigators. This campaign is directed against government officials involved in the fight against corruption and the prosecution of collaborators, the agency reports, as cited by "Komersant Ukrainian".
Hackers accidentally left data on a server
Reuters cites an analysis of data accidentally posted online by the hackers and discovered by Ctrl-Alt-Intel, an independent British-American cyber threat research group. The data left on the server includes logs of successful hacking operations and thousands of stolen emails. The hackers “simply made a huge operational mistake” by leaving “their front door wide open,” investigators from Ctrl-Alt-Intel stated.
In addition to Ukrainian accounts, hackers breached the email accounts of officials in other countries. In total, at least 284 such incidents occurred between September 2024 and March 2026.
The SAPO, ARMA, and the Prosecutors’ Training Center were affected by the breach
The agency also lists potential victims of the hack. Among others, access was gained to at least one email account of Ukraine’s Specialized Anti-Corruption Prosecutor’s Office (SAPO), which has investigated high-profile corruption scandals in the country, journalists claim. Additionally, according to their data, Yaroslava Maksymenko, who has been temporarily serving as head of Ukraine’s Asset Recovery and Management Agency (ARMA) since August 2025, was affected by the hack.
According to Reuters, hackers also breached the email system of the Specialized Prosecutor’s Office for Defense, established to combat corruption and identify spies within the Ukrainian military, as well as the Ukrainian Prosecutors’ Training Center in Kyiv. At the prosecutor training center, the email accounts of 44 employees were hacked, including those of Deputy Director Oleg Duka, the agency notes. Among others, the accounts of the Central City Hospital in Pokrovsk and the city’s finance committee were compromised.
Email hacks in Romania, Bulgaria, Greece, and Serbia
In Romania, hackers breached at least 67 email accounts linked to the country’s Air Force, Reuters reports. Among them were several accounts belonging to NATO air bases in Romania and at least one high-ranking military officer.
In Bulgaria, at least four accounts of local officials in Plovdiv were affected by a hacker attack; earlier, due to a GPS malfunction, a plane carrying European Commission President Ursula von der Leyen had to land using paper maps. Russia is suspected of jamming the GPS signal, the EC reported in September 2026.
In addition, there are reports of a breach of 27 email accounts belonging to the Greek Army General Staff, as well as the email accounts of Serbian scientists and military officials.
Hackers linked to Russia
Investigators at Ctrl-Alt-Intel link this campaign to hackers from the Fancy Bear group, which is believed to be linked to Russia. Two researchers who independently examined this data at the request of Reuters agreed that the hacks were linked to Russia but did not confirm Fancy Bear’s involvement.
There have been repeated reports of hacks targeting the email accounts of officials, government agencies, and companies in European countries and Ukraine, in which Russian hackers are suspected. In particular, in Germany, warnings have been issued in recent weeks about router hacks at government agencies and phishing on social media.
