A significant cyberattack has reportedly targeted Russian military personnel, compromising hundreds of devices and triggering internal security checks. The breach is said to have occurred on the night of February 23–24 and was made public the following day by the partisan movement ATESH, which claimed responsibility for the operation.
The incident coincided with Defender of the Fatherland Day, a national holiday honoring military service. According to the group’s statement, the celebratory environment created an opportunity for attackers to distribute malicious files that were opened on personal phones and computers used by service members.
Holiday-Themed Files Used to Spread Malware
The attackers reportedly relied on deception rather than force. Malicious files were disguised as normal digital documents and shared during the holiday period, when military personnel were more likely to exchange greetings and media.
Once opened, the files installed harmful software on the devices. This type of tactic, commonly known as social engineering, manipulates users into unknowingly granting access to their own systems.
The breach is said to have affected members of the “Dnepr” and “East” military formations. Several senior officers working at headquarters were reportedly among those impacted. The malware spread across hundreds of mobile phones and computers.
After the intrusion was detected, units began conducting wide-ranging inspections. Personal mobile devices were restricted in certain areas, and official probes were initiated to trace how the virus entered military networks. Cybersecurity teams started analyzing the infected equipment to determine the scope of the breach.
Concerns Over Exposure of Russia’s Military Data
The reported cyberattack has raised alarms because of the type of data stored on Russian military devices. Phones and computers used by personnel often contain operational documents, communication logs, and internal coordination details.
One of the key concerns is the potential exposure of geographic information. If location data was accessed, it could reveal sensitive sites such as headquarters, ammunition storage facilities, and equipment repair centers. Information related to troop positioning and logistical movements may also have been at risk.
Modern military operations depend heavily on digital tools. Maps, schedules, and internal messaging systems are frequently accessed through personal or semi-official devices. Even partial access to such information can provide valuable intelligence.
Following the incident, units reportedly carried out mass reviews of digital security practices. Temporary bans on personal devices were introduced in some divisions as a containment measure. Investigations remain ongoing as experts work to identify what information may have been extracted.
Part of a Broader Pattern of Cyber Operations
This latest cyberattack fits into a wider pattern of digital operations targeting Russian military and defense-related entities. In December 2025, several Russian defense and technology companies were reportedly hit by a cyber-espionage campaign believed to be linked to a group known as Paper Werewolf, also referred to as GOFFEE.
That operation reportedly used advanced techniques, including AI-generated decoy documents. The files appeared legitimate and included materials such as event invitations and official-style correspondence. Once opened, they installed malware designed to collect sensitive data from organizations involved in air defense and electronics production.
In another reported case, Ukrainian cyber specialists disrupted Russia’s national payment system. Thousands of network devices were affected, causing technical interruptions and operational challenges.
In the February breach, personal devices appear to have served as entry points. Such devices often lack the stronger protections found in secure military systems. During periods of lowered vigilance, including public celebrations, the risk of accidental exposure increases.
Security reviews are continuing as specialists assess the malware and its potential impact. The scale of the device infections suggests the breach was substantial, though the full extent of compromised data has not been publicly detailed.




