Ukrposhta Mobile App Disrupted After Cyberattack Claimed by Pro-Russian Hacktivists
Ukraine's state postal operator Ukrposhta reported a cyberattack disrupting its mobile app, with a pro-Russian group claiming responsibility.
Ukraine's state-owned postal operator, Ukrposhta, confirmed on Thursday that its mobile application has suffered temporary disruptions following an overnight cyberattack on the company's IT systems. The organization described the incident as an "enemy" attack, though it did not immediately attribute the breach to any specific threat actor. Ukrposhta's specialists are actively working to restore the service, and the company has pledged to restore normal app functionality as soon as possible.
The attack targeted Ukrposhta, which is Ukraine's national postal operator and one of the country's largest employers, with about 32,000 employees and more than 6,000 post offices nationwide. The disruption appears to be limited to the mobile app, and the organization has not reported any broader operational impacts or data compromise. Ukrposhta did not immediately respond to requests for additional comment.
Earlier this week, a pro-Russian hacktivist group calling itself the IT Army of Russia claimed responsibility for the attack. The group alleged that it had breached Ukrposhta's infrastructure several weeks earlier, gained access to one of the company's servers, and exfiltrated a database containing user information along with other internal data. Recorded Future News could not independently verify the group's claims.
The IT Army of Russia emerged in March 2025 and has since claimed responsibility for numerous cyberattacks targeting Ukrainian organizations. Security researchers have previously noted that the group uses cybercrime forums and Telegram to publish allegedly stolen data, recruit insiders within Ukraine's critical infrastructure, and solicit intelligence on Ukrainian military and civilian infrastructure for future attacks. This pattern of activity aligns with the ongoing cyber conflict between Russia and Ukraine.
Ukrposhta has experienced cyber incidents before. In 2024, the company said an attack on the IT infrastructure of one of its partners disrupted payment processing, customer accounts, and application programming interfaces (APIs), causing temporary delays in parcel deliveries. Ukraine's largest private postal operator, Nova Poshta, has also reported repeated Russia-linked cyberattacks in recent years, including phishing campaigns and distributed denial-of-service attacks targeting its systems.
This latest attack underscores the persistent cyber threat facing Ukrainian state-owned enterprises and critical infrastructure. As the conflict continues, both state-sponsored and hacktivist groups aligned with Russia have increasingly targeted Ukrainian logistics and communications systems to disrupt daily life and erode public trust. The IT Army of Russia's claims of data exfiltration, if true, could expose Ukrposhta customers to further risks, though no evidence of stolen data being published has emerged so far.
The incident highlights the broader cybersecurity challenges for Ukraine's postal and logistics sector, which has been a repeated target of Russian-linked cyber operations. As Ukrposhta works to restore its mobile app, the episode serves as a reminder of the ongoing digital warfare that accompanies the physical conflict, with hacktivist groups seeking to amplify the impact of their attacks through public claims and threats.