A cyberattack with alleged “Russian fingerprints” on it has reportedly targeted Greece’s General Staff of National Defense (HNDGS), as part of a broader operation against Ukraine and NATO member states, cybersecurity experts were quoted as saying on Wednesday.

The incident was revealed by the group Ctrl-Alt-Intel, whose members reportedly include US and UK specialists.

The hackers were exposed after leaving stolen data accessible online. The authenticity of the leaked material was later verified by Reuters.

Greek military sources said the ostensibly compromised emails were not classified and emphasized that such incidents are effectively managed by the armed forces’ cyber defense division.

Breaches across Europe

Ctrl-Alt-Intel attributes the attack to the Russian state-linked hacking group “Fancy Bear”, though analysts from cybersecurity firms ESET and TrendAI expressed reservation regarding definitive identification.

According to the findings, hackers accessed 28 HNDGS email accounts and, in two cases, set up automatic forwarding of all incoming messages to their own servers. They also obtained contact lists containing emails from Greek ministries, law enforcement agencies, and more than 400 private entities and individuals.

Notably, the hackers reportedly acquired not only usernames and passwords but also TOTP-based two-factor authentication (2FA) secrets—allowing persistent access even after password changes.

Similar cyberattacks have been reported across eastern Europe. Specifically, in Romania at least 67 email accounts related to the Romanian air force were breached, including NATO-linked addresses, while in Bulgaria emails of regional officials in Plovdiv were compromised, in an area previously affected by alleged Russian GPS interference ahead of a 2025 visit by Commission President Ursula von der Leyen.

Additionally, in Ukraine around 170 email accounts belonging to prosecutors and law enforcement agencies were hacked, possibly to access sensitive investigations related to Russia.