Ukrposhta App Remains Disrupted After IT Army of Russia Claims Multi-Week Server Breach
Ukrposhta's app outage follows a claimed multi-week breach by IT Army of Russia with alleged data theft. The incident highlights logistics sector targeting without independent technical confirmation of scope. Recurring incidents point to persistent supply-chain weaknesses across Ukrainian postal operators.
The state postal operator confirmed temporary app disruptions after the attack but reported no other service outages or confirmed data loss. Restoration efforts focus solely on the mobile platform serving millions for tracking and payments. No CVEs or technical indicators have been released by Ukrposhta or CERT-UA, limiting independent verification of the intrusion vector.
The IT Army of Russia stated it had maintained access for weeks before the disruptive action, publishing claims of stolen user records and internal data on Telegram channels. Recorded Future could not confirm the exfiltration. This follows a 2024 partner-linked incident that delayed parcel processing, revealing recurring third-party supply chain exposure in Ukrposhta's payment and API layers.
Patterns show pro-Russian groups targeting logistics operators to create immediate civilian friction rather than pure espionage. Nova Poshta faced parallel phishing and DDoS campaigns, indicating coordinated pressure on Ukraine's dual civilian-military mail infrastructure. Official statements avoid naming actors while groups openly recruit insiders via cybercrime forums.
Next steps include potential data dumps and renewed recruitment posts. Monitoring Telegram activity and contract awards for Ukrposhta's IT hardening will reveal whether restoration includes segmentation or merely restarts the exposed server.
CERT-UA: Public technical indicators or data leak confirmation within 14 days if exfiltration claims hold
Sources (2)
- [1]Recorded Future News(https://therecord.media/ukraine-state-postal-operator-reports-disruption)
- [2]CERT-UA Incident Reports(https://cert.gov.ua/)