Major Security Breach: Romanian Air Force Accounts Hacked by Russian Military Hackers

Cyberattacks linked to a GRU-associated group expose vulnerabilities across multiple European defense systems

Editorial Team

7/9/20263 min read

At least 67 Romanian Air Force email accounts were targeted in a series of cyberattacks carried out by the Russian military hacker group known as Fancy Bear, according to an analysis cited by Reuters. These attacks, which took place between September 2024 and March 2026, highlight a significant cybersecurity breach (breșă de securitate cibernetică) affecting sensitive military structures. The Ministry of National Defense confirmed that 30 of these accounts were compromised, while the rest of the attempted intrusions were successfully blocked through existing cyber defense systems (sisteme de apărare cibernetică).

Authorities emphasized that the affected accounts were not used to transmit classified information but were primarily involved in administrative communication. However, the scale of the intrusion raises concerns about data vulnerability (vulnerabilitate a datelor) and the potential risks associated with unauthorized access. In response, the Ministry centralized its cybersecurity protocols, reinforcing a more unified data protection framework (cadru de protecție a datelor) to prevent future incidents.

The seriousness of the situation is amplified by the strategic role of the Romanian Air Force, which is responsible for protecting national airspace and coordinating defense operations. In the current geopolitical climate, particularly in the context of the war in Ukraine and tensions in the Black Sea region, any disruption to this structure represents a critical security risk (risc de securitate). The involvement of accounts linked to NATO bases further elevates the issue, transforming it into a broader allied security concern (problemă de securitate aliată).

The attacks occurred in an already tense environment marked by increasing hybrid warfare tactics. President Nicuşor Dan recently warned that Russia is intensifying efforts to destabilize Western institutions through cyber operations and other non-conventional means. These actions are part of a broader hybrid warfare strategy (strategie de război hibrid) aimed at gaining strategic advantages without direct military confrontation.

International cooperation has proven essential in countering such threats. Romanian intelligence services, working alongside partners such as the FBI and agencies from multiple countries, managed to prevent a large-scale cyberattack orchestrated from Moscow. This underscores the importance of intelligence sharing (schimb de informații) and coordinated responses in defending against increasingly complex cyber threats.

"Russia continues its hybrid war against Western countries and only those with bad faith do not see this. Romania must improve its cybersecurity and continue to collaborate with Western partners,” declared President Nicuşor Dan, emphasizing the urgency of strengthening national resilience against cyber threats (amenințări cibernetice).

Further investigations reveal that these attacks are part of a much wider campaign extending beyond Romania. In Greece, hackers compromised multiple email accounts belonging to the General Staff of National Defense, including those of military officials stationed abroad. This demonstrates a coordinated effort to infiltrate key institutions and exploit institutional weaknesses (slăbiciuni instituționale) across different countries.

In Bulgaria, cyberattacks targeted officials in strategically important regions, coinciding with politically sensitive events. Such timing suggests deliberate coordination, reinforcing the idea of a broader geopolitical operation (operațiune geopolitică) designed to influence or disrupt decision-making processes at critical moments.

Even Serbia, traditionally seen as closer to Moscow, was not exempt from these operations. Hackers targeted both academic and military figures, indicating that the objective is not only destabilization but also surveillance and influence. This reflects a comprehensive intelligence-gathering effort (efort de colectare de informații) that extends across political and social sectors.

Ukraine appears to have been the most heavily impacted, with over 170 email accounts belonging to prosecutors and investigators compromised. These individuals were directly involved in anti-corruption efforts and investigations into pro-Russian activities, making them strategic targets in attempts to weaken judicial integrity (integritate judiciară) and internal security systems.

Overall, researchers estimate that at least 284 email accounts were compromised during this period in a campaign attributed to the GRU-linked Fancy Bear group. The scale and coordination of these operations point to a highly organized and persistent cyber espionage campaign (campanie de spionaj cibernetic) that leverages both technical vulnerabilities and strategic timing.

Experts note that such attacks often rely on exploiting everyday technologies, including routers and common communication systems, transforming them into tools for covert surveillance. This highlights the growing importance of securing not only high-level infrastructure but also basic digital systems within the broader cybersecurity ecosystem (ecosistem de securitate cibernetică).

The overall picture is one of a sustained and sophisticated offensive targeting Europe’s security architecture. From Bucharest to Athens and from Kiev to Belgrade, similar patterns indicate a coordinated approach aimed at weakening institutional defenses. In this evolving digital battlefield, each compromised account represents a potential gateway to sensitive information, reinforcing the need for continuous vigilance and stronger defensive capabilities (capacități defensive).

Key Romanian Vocabulary

breșă de securitate cibernetică cybersecurity breach
sisteme de apărare cibernetică cyber defense systems
vulnerabilitate a datelor data vulnerability
cadru de protecție a datelor data protection framework
risc de securitate security risk
problemă de securitate aliată allied security concern
strategie de război hibrid hybrid warfare strategy
schimb de informații intelligence sharing
amenințări cibernetice cyber threats
slăbiciuni instituționale institutional weaknesses
operațiune geopolitică geopolitical operation
efort de colectare de informații intelligence-gathering effort
integritate judiciară judicial integrity
campanie de spionaj cibernetic cyber espionage campaign
ecosistem de securitate cibernetică cybersecurity ecosystem
capacități defensive defensive capabilities

For requests or suggestions: pr@learnromenian.org

Learn the official language of Romania in 30 days thanks to the most complete grammar, vocabulary and culture course available. 

Start speaking Romanian today!

© 2026 All rights reserved

Land of Living Traditions