Greece was among the countries affected by a sweeping Russian-linked hacking campaign that primarily targeted Ukrainian prosecutors, investigators, and other officials, according to data reviewed by Reuters. The operation, which also reached Romania, Bulgaria, Serbia, and other parts of Europe, exposed the scale of a cyber-espionage effort aimed at officials handling corruption cases, military matters, and suspected Russian collaboration.
The data was inadvertently exposed online by the hackers themselves and later discovered by Ctrl-Alt-Intel, a collective of British and American cyber threat researchers. According to the group, the exposed server contained logs of successful hacking operations and thousands of stolen emails, showing that at least 284 inboxes were compromised between September 2024 and March 2026.
More than 170 of the hacked accounts belonged to prosecutors and investigators across Ukraine during the last several months. Most of the victims were Ukrainian, but the campaign also extended to neighboring NATO countries and the Balkans.
Greece Included in the Russian-Linked Hack Target List
Among the European targets were 27 email inboxes managed by the Hellenic National Defense General Staff, Greece’s top military body.
The compromised accounts included those of Greek defense attachés in India and Bosnia, as well as the public-facing inbox of Greece’s Joint Armed Forces Mental Health Center, the data showed.
The inclusion of Greek military-linked accounts underscores the broader regional dimension of the operation, showing that the campaign was not limited to Ukraine but also reached security and defense-related institutions elsewhere in Europe.
Ukraine Was the Main Focus of the Russian-Linked Hack
The main target of the operation was Ukraine, particularly officials involved in anti-corruption work and investigations into Russian collaborators.
The exposed data showed that the hackers broke into accounts managed by the Specialized Prosecutor’s Office in the Field of Defense, a wartime body created to combat corruption and uncover spies within the Ukrainian military. They also targeted Ukraine’s Asset Recovery and Management Agency, known as ARMA, which oversees assets seized from criminals and Russian collaborators, as well as the Kyiv-based Prosecutor’s Training Center.
Among the victims was Yaroslava Maksymenko, who was serving as ARMA chief at the time, according to the data. At the Prosecutor’s Training Center, the hackers breached the mailboxes of 44 employees, including one belonging to deputy director Oleg Duka.
The operation also appears to have reached at least one senior employee of the Specialized Anti-Corruption Prosecutor’s Office, or SAPO, which has handled some of Ukraine’s most high-profile corruption cases. Among them was a case that led to the resignation of President Volodymyr Zelenskiy’s chief peace negotiator, Andriy Yermak, in November.
Researchers Tie the Campaign to Moscow
Ctrl-Alt-Intel attributed the campaign to “Fancy Bear,” one of the names commonly associated with a well-known Russian military hacking unit. The group said the exposed server offered a rare window into how a Russian espionage operation functioned.
“They just made a huge operational blunder,” Ctrl-Alt-Intel said. “They left their front door wide open.”
Two researchers who independently reviewed Ctrl-Alt-Intel’s findings agreed the hackers were tied to Moscow, although they did not fully agree on whether Fancy Bear was directly involved. Matthieu Faou of cybersecurity company ESET said he could not verify Fancy Bear’s involvement, while Feike Hacquebord of cybersecurity company TrendAI disputed that attribution.
Romania, Bulgaria and Serbia Also Hit
The data showed the campaign reached multiple countries beyond Ukraine and Greece.
In Romania, the hackers compromised at least 67 email accounts maintained by the Romanian Air Force, including several linked to NATO air bases and at least one senior military officer.
In Bulgaria, at least four inboxes belonging to local officials in Plovdiv province were breached. The province had previously drawn attention after allegations that Russian interference disrupted satellite navigation services ahead of a visit by European Commission President Ursula von der Leyen last year.
The hackers also targeted academics and military officials in Serbia, a country traditionally seen as close to Moscow.
Spying on Adversaries and Allies
According to Keir Giles, an associate fellow at Chatham House who reviewed a list of the victims, the likely aim of the campaign was either to help Moscow stay ahead of investigators examining Russian espionage networks or to gather potentially damaging information about senior Ukrainian officials.
The leaked data also showed that the hackers broke into the email inbox of the Central City Hospital in Pokrovsk, a railway hub Russia has been trying to secure. Faou described the operation as only “a small set of activity” within the broader Russia-aligned espionage ecosystem.
See all the latest news from Greece and the world at Greekreporter.com. Contact our newsroom to report an update or send your story, photos and videos. Follow GR on Google News and subscribe here to our daily email!
