Cyber Incident Victim: Myrotvorets

On September 3, 2016, the pro-Ukrainian hacker group Myrotvorets publicly leaked the personal details of Ukrainian and foreign journalists they accused of holding pro-Russian sympathies. This marked the group’s second such action within four months, following an August 2016 leak targeting journalists who had obtained press accreditation in Russian-occupied eastern Ukraine. The data breach compromised individuals affiliated with over 30 international media organizations, including CNN, Al Jazeera, Radio Free Europe, The Daily Beast, BBC, and the Associated Press. Myrotvorets justified the leak by asserting that journalists securing accreditation in pro-Russian territories inherently supported Russian interests, a rationale characterized in reporting as simplistic given journalists’ professional obligation to report from conflict zones regardless of personal political alignment. The leak exposed personally identifiable information (PPI), though specific data types were not enumerated in available sources.

The disclosure placed affected journalists at heightened physical risk within Ukraine’s wartime environment, where nationalist sentiments were inflamed. Multiple journalists reported receiving death threats via telephone and social media following both the August and September leaks. Ukrainian authorities neither condemned the breaches nor initiated visible countermeasures against Myrotvorets, with reports indicating tacit approval or celebration within some government circles. Observers interpreted this inaction as a deliberate strategy to intimidate journalists and discourage reporting from conflict areas, particularly frontline regions under Russian control. The incident underscored the operational dangers facing media personnel in conflict zones beyond immediate battlefield risks, extending to targeted harassment by non-state actors exploiting wartime divisions.