Cyber Incident Victim: Government of Moldova
Date:
Nov 2022
Location:
Moldova
Summary
A hack-and-leak operation targeting Moldova's government exposed private Telegram communications of high-ranking officials, including the Justice Minister and a national security advisor, through a website called Moldova Leaks. The leaked messages allegedly revealed manipulation of an anticorruption prosecutor appointment and sparked political turmoil, with pro-Russian opposition factions leveraging the scandal to demand dismissals. The government denounced the leaks as fabricated or decontextualized, attributing them to Russian hybrid warfare aimed at destabilizing its pro-European leadership. Officials suggested potential involvement by Russian military intelligence (GRU), noting the operation coincided with legal efforts to ban the pro-Russian Șor party, which faces accusations of threatening national sovereignty. Investigations into the breach are ongoing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In mid-November 2022, a newly created website named Moldova Leaks began publishing private Telegram conversations belonging to high-ranking Moldovan officials, triggering a significant political crisis. The initial leaks targeted Sergiu Litvinenco, Moldova’s Minister of Justice, revealing messages that allegedly implied the Anticorruption Prosecutor contest was manipulated to ensure Veronica Dragalin’s appointment to the position she currently holds. Subsequent leaks compromised Dorin Recean, the Defense and National Security Advisor to the President and former Minister of Internal Affairs. The leaked communications were swiftly leveraged by pro-Russian opposition parties, which framed them as evidence of corruption and demanded the dismissal of both Litvinenco and Dragalin. These opposition figures, many under active corruption investigations themselves, stood to benefit from the removal of officials overseeing their prosecutions. The Moldovan government confirmed the authenticity of some leaked messages but asserted others were altered or taken out of context, characterizing the operation as part of Russia’s hybrid warfare strategy to destabilize the pro-European administration. Litvinenco further disclosed that President Maia Sandu’s Telegram account had been compromised, suggesting she might be the next target listed on the Moldova Leaks site.
The incident prompted immediate responses from Moldovan authorities, with Litvinenco publicly questioning whether Internal Affairs Minister Ana Revenco’s department—which possessed technical capabilities to access such communications—might be involved, though Revenco had previously accused Russia of fomenting instability. An official investigation was launched to identify the perpetrators, with cybersecurity experts speculating about the involvement of Russia’s GRU military intelligence, known for historical hack-and-leak operations advancing Kremlin interests. The leaks coincided thematically and temporally with Moldova’s broader political tensions, occurring on the same day the government initiated a constitutional review of the pro-Russian Șor party—a faction financed by Moscow and led by Ilan Șor, central to a 2014 banking scandal involving $1 billion in missing funds. The government alleged the Șor party endangered national sovereignty, while analysts interpreted Moldova Leaks as a potential countermeasure to discredit anti-corruption efforts and bolster pro-Russian factions. The leaks intensified existing divisions within Moldova’s political landscape, amplifying scrutiny on judicial integrity and reinforcing accusations of foreign interference amid ongoing corruption cases against former pro-Russian president Igor Dodon and his allies.