Russian-Linked Hack Targets Greece’s Top Military Body in Major European Cyberattack

Greece was deed successful a sweeping Russian-linked hack that besides targeted Ukraine and different European countries. Credit: Flickr / Blockrepreneur/ CC BY 2.0

Greece was among the countries affected by a sweeping Russian-linked hacking run that chiefly targeted Ukrainian prosecutors, investigators, and different officials, according to information reviewed by Reuters. The operation, which besides reached Romania, Bulgaria, Serbia, and different parts of Europe, exposed the standard of a cyber-espionage effort aimed astatine officials handling corruption cases, subject matters, and suspected Russian collaboration.

The information was inadvertently exposed online by the hackers themselves and aboriginal discovered by Ctrl-Alt-Intel, a corporate of British and American cyber menace researchers. According to the group, the exposed server contained logs of palmy hacking operations and thousands of stolen emails, showing that astatine slightest 284 inboxes were compromised betwixt September 2024 and March 2026.

More than 170 of the hacked accounts belonged to prosecutors and investigators crossed Ukraine during the past respective months. Most of the victims were Ukrainian, but the run besides extended to neighboring NATO countries and the Balkans.

Greece Included successful the Russian-Linked Hack Target List

Among the European targets were 27 email inboxes managed by the Hellenic National Defense General Staff, Greece’s apical subject body.

The compromised accounts included those of Greek defence attachés successful India and Bosnia, arsenic good arsenic the public-facing inbox of Greece’s Joint Armed Forces Mental Health Center, the information showed.

The inclusion of Greek military-linked accounts underscores the broader determination magnitude of the operation, showing that the run was not constricted to Ukraine but besides reached information and defense-related institutions elsewhere successful Europe.

Ukraine Was the Main Focus of the Russian-Linked Hack

The main people of the cognition was Ukraine, peculiarly officials progressive successful anti-corruption enactment and investigations into Russian collaborators.

The exposed information showed that the hackers broke into accounts managed by the Specialized Prosecutor’s Office successful the Field of Defense, a wartime assemblage created to combat corruption and uncover spies wrong the Ukrainian military. They besides targeted Ukraine’s Asset Recovery and Management Agency, known arsenic ARMA, which oversees assets seized from criminals and Russian collaborators, arsenic good arsenic the Kyiv-based Prosecutor’s Training Center.

Among the victims was Yaroslava Maksymenko, who was serving arsenic ARMA main astatine the time, according to the data. At the Prosecutor’s Training Center, the hackers breached the mailboxes of 44 employees, including 1 belonging to lawman manager Oleg Duka.

The cognition besides appears to person reached astatine slightest 1 elder worker of the Specialized Anti-Corruption Prosecutor’s Office, oregon SAPO, which has handled immoderate of Ukraine’s astir high-profile corruption cases. Among them was a lawsuit that led to the resignation of President Volodymyr Zelenskiy’s main bid negotiator, Andriy Yermak, successful November.

Researchers Tie the Campaign to Moscow

Ctrl-Alt-Intel attributed the run to “Fancy Bear,” 1 of the names commonly associated with a well-known Russian subject hacking unit. The radical said the exposed server offered a uncommon model into however a Russian espionage cognition functioned.

“They conscionable made a immense operational blunder,” Ctrl-Alt-Intel said. “They near their beforehand doorway wide open.”

Two researchers who independently reviewed Ctrl-Alt-Intel’s findings agreed the hackers were tied to Moscow, though they did not afloat hold connected whether Fancy Bear was straight involved. Matthieu Faou of cybersecurity institution ESET said helium could not verify Fancy Bear’s involvement, portion Feike Hacquebord of cybersecurity institution TrendAI disputed that attribution.

Romania, Bulgaria and Serbia Also Hit

The information showed the run reached aggregate countries beyond Ukraine and Greece.

In Romania, the hackers compromised astatine slightest 67 email accounts maintained by the Romanian Air Force, including respective linked to NATO aerial bases and astatine slightest 1 elder subject officer.

In Bulgaria, astatine slightest 4 inboxes belonging to section officials successful Plovdiv state were breached. The state had antecedently drawn attraction aft allegations that Russian interference disrupted outer navigation services up of a sojourn by European Commission President Ursula von der Leyen past year.

The hackers besides targeted academics and subject officials successful Serbia, a state traditionally seen arsenic adjacent to Moscow.

Spying connected Adversaries and Allies

According to Keir Giles, an subordinate chap astatine Chatham House who reviewed a database of the victims, the apt purpose of the run was either to assistance Moscow enactment up of investigators examining Russian espionage networks oregon to stitchery perchance damaging accusation astir elder Ukrainian officials.

The leaked information besides showed that the hackers broke into the email inbox of the Central City Hospital successful Pokrovsk, a railway hub Russia has been trying to secure. Faou described the cognition arsenic lone “a tiny acceptable of activity” wrong the broader Russia-aligned espionage ecosystem.