Russia-linked hackers compromised 27 email inboxes managed by Hellenic National Defense General Staff, Greece’s top military body, according to data reviewed by Reuters.
Among those hacked were Greek defense attaches in India and Bosnia and the public-facing inbox for Greece’s Joint Armed Forces Mental Health Center.
The data was inadvertently exposed to the internet by the hackers and discovered by Ctrl-Alt-Intel, a collective of British and American cyber threat researchers, which first described it last month in a blog post.
The General Staff did not reply to a detailed list of questions on the hacking submitted by Reuters.
The hackers also broke into more than 170 email accounts belonging to prosecutors and investigators across Ukraine during the last several months, in a campaign that shows how Moscow’s spies are keeping tabs on the Ukrainian officials tasked with rooting out corruption and Russian collaborators.
Most of the victims were in Ukraine; others are from neighboring NATO countries and the Balkans.
Ctrl-Alt-Intel said the mistake provided a rare opportunity to examine the workings of a Russian espionage campaign.
The hackers “just made a huge operational blunder,” Ctrl-Alt-Intel said. “They left their front door wide open.”
The Russian embassy in Washington did not respond to requests for comment. Moscow has repeatedly denied it engages in hacking operations against other countries.
Ctrl-Alt-Intel attributed the hacking campaign to “Fancy Bear,” one of the nicknames assigned to a well-known Russian military hacking squad. Two researchers who independently reviewed Ctrl-Alt-Intel’s work – Matthieu Faou, with the cybersecurity company ESET, and Feike Hacquebord, with the cybersecurity company TrendAI – agreed the hackers were tied to Moscow. However, Faou said he could not verify Fancy Bear was involved, and Hacquebord disputed Fancy Bear’s involvement.
The hack uncovered by Ctrl-Alt-Intel represents “a small set of activity in regards to the whole Russia-aligned espionage ecosystem,” said Faou, the ESET researcher.
Scores of officials in surrounding NATO countries were also hacked, the data shows.
In Romania, the hackers compromised at least 67 email accounts maintained by the Romanian Air Force, including several belonging to NATO airbases and at least one senior military officer. The Romanian Ministry of Defense did not respond to requests for comment.
In Bulgaria, the hackers broke into at least four inboxes belonging to local officials in Plovdiv province, where Russian interference was alleged to have disabled satellite navigation services ahead of a visit by European Commission President Ursula von der Leyen last year. Bulgarian officials did not respond to comment requests.
The data also shows the spies hacked academics and military officials in Serbia, a traditional Russian ally. Serbia’s Ministry of Defense did not respond to requests for comment.
“A supposedly close relationship with Moscow is no insurance against Russian espionage,” Giles said. [Reuters]