- Category
- Latest news
Russian Hackers Breach Ukrainian Prosecutors’ Emails—Then Accidentally Expose Themselves
- Authors
![Photo of Ivan Khomenko]( "Photo of Ivan Khomenko")
Russian-linked hackers compromised more than 170 email accounts belonging to Ukrainian prosecutors and investigators in a coordinated cyber campaign spanning several months.
We bring you stories from the ground. Your support keeps our team in the field.
According to Reuters on April 15, the operation targeted officials involved in anti-corruption efforts and investigations into suspected Russian collaborators. The agency reports that the campaign extended beyond Ukraine, affecting government and military-related accounts in several European countries.
The findings are based on data uncovered by Ctrl-Alt-Intel, a UK- and US-based cyber threat research group. According to Reuters, the dataset was inadvertently exposed online by the hackers themselves, allowing researchers to access logs of successful intrusions and thousands of stolen emails.
Investigators described the leak as a major operational failure, noting that the attackers had effectively left “their front door wide open.”
The analysis indicates that at least 284 email accounts were compromised between September 2024 and March 2026. The majority of victims were located in Ukraine, though additional targets were identified in Romania, Greece, Bulgaria, and Serbia.
Among the Ukrainian institutions affected were the Specialized Anti-Corruption Prosecutor’s Office, the Asset Recovery and Management Agency, and the Prosecutor Training Center in Kyiv.
According to Reuters, at least 44 accounts were breached within the training center alone, including that of deputy director Oleh Duka. The data also suggests that one senior official within the anti-corruption prosecution system—linked to high-profile investigations—was targeted.
Other compromised accounts included those associated with a municipal hospital in Pokrovsk and a local finance committee, indicating that the campaign extended beyond central government bodies.
Outside Ukraine, the scope of the operation included at least 67 email accounts connected to the Romanian Air Force, including some linked to NATO airbases. According to Reuters, 27 accounts tied to Greece’s General Staff of National Defense were also compromised, along with additional government-related accounts in Bulgaria and Serbia.
Cybersecurity researchers cited by Reuters believe the campaign was likely intended either to monitor ongoing investigations into Russian espionage networks or to obtain potentially sensitive information on Ukrainian officials.
Earlier, Ukraine’s Security Service (SBU), alongside the FBI and European partners, disrupted a Russia-linked cyber operation targeting vulnerable Wi-Fi routers. According to the SBU, GRU hackers used compromised devices to intercept data, including passwords and emails. The operation shut down over 100 servers and removed hundreds of routers from Russian control.
-9a7b3a98ed5c506e0b77a6663f5727c5.png)
