Russian Credential-Harvesting Apes Ukraine Webmail Platform

Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage Operations Mathew J. Schwartz (euroinfosec) • December 18, 2025

Russian military intelligence has been intensively focused on a Ukrainian online platform, likely in a bid to open a window into civilian operations that support the ongoing war to push out Kremlin invaders.

See Also: OnDemand | North Korea's Secret IT Army and How to Combat It

Unit 26165 of the Main Directorate of the General Staff of the Armed Forces ran a campaign lasting at least 11 months, from June 2024 through April, to compromise users of the free, Kyiv-based ukr.net webmail and news platform. It counts roughly half of the country as users. Researchers track the GRU hacking unit as APT28 Fancy Bear, Forest Blizzard and BlueDelta, among other ...