Reuters: Russia-linked hackers breach hundreds of Ukrainian prosecutor emails

A hacker group linked to Russia has compromised more than 170 email accounts belonging to Ukrainian prosecutors and investigators over the past months, according to data reviewed by Reuters.

The campaign highlights how cyber espionage is being used to monitor Ukrainian officials involved in investigations into corruption and alleged collaboration with Russia, researchers said.

The data was reportedly exposed accidentally by the hackers themselves in a publicly accessible server and later discovered by the Ctrl-Alt-Intel research group, which includes cybersecurity experts from the UK and the US. According to their findings, server logs and thousands of stolen emails indicate that at least 284 email accounts were compromised between September 2024 and March 2026.

Most of the affected accounts were located in Ukraine, while others belonged to entities in NATO member states and the Balkans. The operation was previously outlined in a blog post by Ctrl-Alt-Intel, and Reuters reviewed the underlying data, publishing details on more than a dozen affected agencies and officials.

Researchers described the incident as “a huge operational blunder,” noting that the hackers left an exposed vulnerability that allowed their activities to be studied in detail.

Ctrl-Alt-Intel attributed the campaign to the group known as Fancy Bear, a name commonly used for an alleged Russian military hacking unit. Two independent experts who reviewed the material broadly agreed with a Russian link, though they differed on direct attribution.

The apparent objective of the operation was reportedly to gain access to investigative files and potential compromising material on Ukrainian officials.

Among the affected bodies are Ukraine’s Specialised Defence Prosecutor’s Office, the Asset Recovery and Management Agency (ARMA), the Kyiv Prosecutor Training Centre, and the Specialised Anti-Corruption Prosecutor’s Office. Accounts in Romania, Greece, Bulgaria, and Serbia were also reportedly targeted, including military and defence personnel.

The Russian Embassy in Washington did not comment on the allegations. Moscow has repeatedly denied involvement in cyberattacks against other countries.

By Vugar Khalilov