Ukrposhta: Ukraine's state postal operator reports app disruption after cyberattack

Ukrposhta: Ukraine's state postal operator reports app disruption after cyberattack

Ukrposhta’s Mobile App Disrupted in Suspected Cyberattack by Pro-Russian Hacktivists

Ukraine’s state-owned postal service, Ukrposhta, reported temporary disruptions to its mobile application following an overnight cyberattack on its IT systems. The company confirmed that its specialists are working to restore service but did not disclose the attacker’s identity or whether data was compromised. No other operational disruptions beyond the app outage have been reported.

The pro-Russian hacktivist group IT Army of Russia claimed responsibility for the attack earlier this week, alleging it had breached Ukrposhta’s infrastructure weeks prior, accessed a server, and exfiltrated a database containing user information and internal data. These claims remain unverified.

Ukrposhta, one of Ukraine’s largest employers with 32,000 staff and over 6,000 post offices, has faced cyber threats before. In 2024, an attack on a partner’s IT infrastructure disrupted payment processing, customer accounts, and APIs, causing parcel delivery delays.

The IT Army of Russia, active since March 2025, has targeted multiple Ukrainian organizations, using cybercrime forums and Telegram to publish stolen data, recruit insiders, and gather intelligence on military and civilian infrastructure. Ukraine’s private postal operator, Nova Poshta, has also reported repeated Russia-linked cyberattacks, including phishing and DDoS incidents.

Source: https://therecord.media/ukraine-state-postal-operator-reports-disruption

Ukrposhta cybersecurity rating report: https://www.rankiteo.com/company/ukrposhta

"id": "UKR1782398039",
"linkid": "ukrposhta",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Postal and logistics',
                        'location': 'Ukraine',
                        'name': 'Ukrposhta',
                        'size': '32,000 employees, 6,000+ post offices',
                        'type': 'State-owned postal service'}],
 'attack_vector': 'Unknown (claimed server breach and data exfiltration)',
 'data_breach': {'data_exfiltration': 'Claimed (unverified)',
                 'personally_identifiable_information': 'Potential',
                 'sensitivity_of_data': 'Potentially personally identifiable '
                                        'information (PII)',
                 'type_of_data_compromised': 'User information, internal data '
                                             '(claimed, unverified)'},
 'description': 'Ukraine’s state-owned postal service, Ukrposhta, reported '
                'temporary disruptions to its mobile application following an '
                'overnight cyberattack on its IT systems. The pro-Russian '
                'hacktivist group IT Army of Russia claimed responsibility, '
                'alleging prior access to Ukrposhta’s infrastructure and '
                'exfiltration of user and internal data. Ukrposhta confirmed '
                'the app outage but did not disclose attacker identity or data '
                'compromise.',
 'impact': {'data_compromised': 'User information and internal data (claimed, '
                                'unverified)',
            'downtime': 'Temporary disruption',
            'identity_theft_risk': 'Potential (if PII was exposed)',
            'operational_impact': 'App outage; no other operational '
                                  'disruptions reported',
            'systems_affected': 'Mobile application, IT systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Hacktivism (pro-Russian)',
 'ransomware': {'data_exfiltration': 'Claimed (unverified)'},
 'references': [{'source': 'Ukrposhta public statement'},
                {'source': 'IT Army of Russia claims (Telegram/cybercrime '
                           'forums)'}],
 'response': {'communication_strategy': 'Public statement confirming outage',
              'incident_response_plan_activated': 'Yes (specialists working to '
                                                  'restore service)',
              'recovery_measures': 'Restoring mobile app service'},
 'threat_actor': 'IT Army of Russia',
 'title': 'Ukrposhta’s Mobile App Disrupted in Suspected Cyberattack by '
          'Pro-Russian Hacktivists',
 'type': 'Cyberattack'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.