On 12 June, hacker groups InformNapalm and Militant Intelligence released several leaked documents obtained from JSC Russian Helicopters—a major Russian helicopter manufacturing company. According to the groups, they obtained all of the company’s international contracts, supply routes, and payment documents, revealing extensive foreign cooperation with Russia’s defense sector.
The leak comes amid the ongoing Russian invasion of Ukraine, with the company already under international sanctions. Russia has developed multiple schemes to evade these sanctions, and the leaked materials expose some of those used specifically by JSC Russian Helicopters.
InformNapalm stated that the cyber operation coincided with Russia’s national holiday.
“Today, 12 June, the terrorist state celebrates ‘Russia Day’,” the group wrote.
The leak was described as symbolic “greetings with a noose” for Russia, meant to expose the vulnerabilities of its military-industrial complex.
Two of the leaked JSC Russian Helicopters documents. Photos: InformNapalm
InformNapalm denounced the White House’s current, consistently weak stance towards Moscow, pointing out that the US Cyber Command halted cyber operations against Russia during Donald Trump’s presidency. As a result, the group said, “volunteers and enthusiasts” now carry out cyber operations against Russian targets.
Wider cyber operation
The report says that the cyberattack was part of a broader campaign labeled OpsHackRussia’sDay, which, according to the hackers, targeted a network of Russian corporations tied to the defense industry. JSC Russian Helicopters, a holding that unites all Russian helicopter manufacturers, is among the breached entities. The company operates under Oboronprom, itself a subsidiary of the state-owned conglomerate Rostec.
“As a result of the hack, [JSC Russian Helicopters’] all international contracts, supply routes, bank receipts, accounts from India and other countries were exposed, including embassy archives and Ministry of Defense documents,” InformNapalm wrote.
Documents reportedly mention India, Egypt, Algeria, Indonesia, Laos, Cuba, Kenya, and Uganda. The leaked content includes full detail on tenders, clients, correspondence, staffing schedules, travel routes, banking relations, and coordination with the Russian Ministry of Industry and Trade.
Military logistics and foreign involvement
Among the disclosed data, Egypt is named as a logistics hub for Mi-17V-5 maintenance, while Bulgaria appears in supply chain and repair cooperation schemes, according to the report. Other nations named include Azerbaijan and North Macedonia. The documents mention entities like RAWAN HANS in India and detail procurement pathways through Algeria and Indonesia, often using third-country routes.
Hackers promise more data, predict fallout
The publication claims the leak will lead to serious disruptions:
“This release will bring major problems to their defense sector and expose their international customers and partners who tried to stay hidden.”
The group anticipates “contract terminations, sanctions tightening, and global scandals.”
According to InformNapalm, part of the obtained information is already in use for Ukraine’s defense, and more data will be published over time.
You could close this page. Or you could join our community and help us produce more materials like this.
We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society.
A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next.
Become a patron or see other ways to support.
Putin’s hackers had priorities: First the hookers, then maybe Ukraine — leaked chats reveal
Putin’s plan for Ukraine included tanks on the ground and hackers in the network.
When Vladimir Putin launched his invasion of Ukraine in February 2022, Russian cyber warfare was supposed to be a game-changer. Intelligence agencies worldwide expected devastating digital attacks to cripple Ukrainian power grids, government systems, and military communications within hours.
Instead, the cyber offensive largely failed – and now exclusive leaked documents reveal why. GRU Unit 29155, Putin’s most notorious kill squad responsible for poisoning dissidents with Novichok and bombing weapons depots across Europe, had secretly built a hacking unit specifically for this moment. But their digital army was undone by the very traits that define modern Russia: corruption, incompetence, and personal scandals.
A year-long investigation by The Insider reconstructed this hidden history with surprising ease. By examining call logs, travel records, and leaked internal chats, investigators identified dozens of GRU hackers—convicted cybercriminals, young university recruits, and seasoned saboteurs with no technical training.
Their common weakness? Extraordinary sloppiness. Many used personal phones and real identities when conducting operations or arranging meetings with mistresses and sex workers. The investigation reveals for the first time how Unit 29155’s hackers prepared for the invasion – and why their own incompetence doomed them to fail.
The spies who couldn’t keep secrets
Unit 29155’s cyber operations began modestly in 2012 under Tim Stigal (real name probably Timur Magomedov), an ethnic Chechen blogger from Dagestan recruited by then-GRU director Igor Sergun. Operating under the alias “Key,” Stigal initially focused on disinformation in Azerbaijan before expanding to more ambitious false-flag operations.
Tim Stigal in 2011. Photo: The Insider
In 2016, they penetrated Qatar’s largest state bank, stealing 1.5 GB of customer data and falsely attributing the hack to Turkish nationalists. They impersonated Ukraine’s Right Sector, a far-right nationalist group, to inflame tensions with Poland, and created fake “Anonymous” accounts to target Bellingcat, an independent investigative outlet known for exposing Russian intelligence operations.
Screenshot of Unit 29155’s impersonation of Ukraine’s Right Sector. One tweet reads: “To Poland government: You want Lviv? Suck our dick! You will get [another] Volhynia.” Photo: The Insider
Their most valuable asset became Dilyana Gaytandzhieva, a Bulgarian journalist who, according to investigators, maintained contact with GRU operatives and published material advancing Kremlin disinformation—most notably, conspiracy theories accusing the US of running secret bioweapons labs in Eastern Europe. In 2019, she launched ArmsWatch.com, a site styled as an investigative outlet but used to publish hacked documents and reinforce Russian intelligence narratives in the run-up to the war in Ukraine.
Screenshot of the Qatari bank hack found on the GRU server. Photo: The Insider
Preparing for war
By 2021, as Russia prepared for its invasion, Unit 29155’s cyber efforts in Ukraine escalated sharply. The unit paid locals $1–5 to spray anti-Zelenskyy graffiti across Ukrainian cities and infiltrated nationalist groups like the Azov Battalion, with Stigal impersonating Akhmed Zakayev, a pro-Ukrainian Chechen separatist leader living in exile in London, to gain the trust of nationalist groups and individuals—one of whom is now serving in the Ukrainian Armed Forces.
Anti-Zelenskyy graffiti across Ukraine — funded by Russia’s GRU. Photo: The Insider
They compiled dossiers on key Ukrainian officials, including Ihor Zhovkva, deputy chief of President Zelenskyy’s office. In October 2021, a Molotov cocktail was thrown at Zhovkva’s home in Kyiv by a 20-year-old who said he had been promised $7,000—the exact sum recorded in Unit 29155’s expense logs for “processing Zhovkva.”
When Colonel Yuriy Denisov, the overseer of Unit 29155’s hackers, saw news of the attack, he left a telling comment in a chat group: “idiots.”
Server records show the hackers spoofed websites for Zelenskyy’s office and Ukrainian ministries, setting up spear-phishing campaigns and credential theft targeting energy providers, anti-corruption agencies, and military infrastructure.
The new generation
Starting in 2019, Unit 29155 began recruiting from university coding competitions in Russia’s Voronezh. These recruits — nicknamed “eaglets” — were managed by GRU officer Roman Puntus and paid salaries of 400,000 rubles ($5,100) per month.
Capture-The-Flag hackathon. On the right is Nikolay Korchagin, one of Unit 29155’s “eaglets.” Photo: The Insider
The first recruit, Vitaly Shevchenko, a 22-year-old Moldova-born hacker, successfully breached Estonia’s Ministry of Defense. He and five others — Borovkov, Denisenko, Goloshubov, Korchagin, and Amin Stigal (Tim’s son) — were later indicted by the US Department of Justice for the WhisperGate campaign, a pre-invasion cyberattack that deployed data-wiping malware across Ukrainian government and infrastructure networks.
GRU hacker Vladislav Borovkov. Photo: The Insider
Sex, lies, and cyber warfare
As the war neared, the cyber unit began to collapse. Stigal resigned or was sidelined due to COVID-19 illness, replaced by Puntus, who turned out to be more invested in romantic escapades than cyber sabotage.
The only publicly available image of Roman Puntus. Photo: The Insider
The affair that doomed a cyber war: GRU officer Roman Puntus began a long-term relationship with accountant Darya Kulishova, whom he installed as the nominal head of a shell company called Aegaeon-Impulse. He made frequent luxury trips from Moscow to Sochi to visit her. By November 2023, Kulishova had given birth to his son—while Puntus funneled GRU funds through the company to support his second family.
Puntus’s mistress Darya Kulishova in February 2023. Photo: The Insider
Meanwhile, Colonel Yuri Denisov left a massive digital footprint: over 687 Telegram messages full of racism, anti-LGBT hate, and criticism of military leadership. He reused a single phone number across four cover identities — exposing the unit’s entire hacker network.
The failed invasion
When the invasion began in February 2022, Unit 29155’s cyber efforts fizzled. Rather than disabling Ukraine’s power grid, they managed only cosmetic website defacements. On January 13–14, they falsely claimed to have deleted government databases — which Ukrainian authorities later confirmed remained intact.
Their main server, Aegaeon, was left unprotected and discovered by hacktivists. Its mythological namesake — a traitorous titan punished for betrayal — proved painfully apt.
A broader shadow war
Though Unit 29155’s cyber operatives failed spectacularly in Ukraine, they haven’t vanished. Intelligence sources say they’ve repurposed their flawed tactics for a broader shadow war across Europe. Using playbooks first developed for Ukraine, GRU agents now recruit saboteurs via Telegram, offering cryptocurrency payments for arson attacks on NATO facilities and critical infrastructure.
The Insider’s investigation exposes how one of Russia’s most feared covert units, built for hybrid warfare, collapsed under the weight of corruption, dysfunction, and internal betrayal. Their mission didn’t fall to enemy fire — it failed from within.
In the end, Russia’s greatest cyber threat wasn’t the West. It was Russia itself.
Russia-linked hackers posed as journalists to target staff at Britain’s Ministry of Defence in a cyber spying operation that was spotted and thwarted, Sky News reported on 29 May, citing the British government.
The attack was part of more than 90,000 cyber attacks from hostile states directed against UK military and defence structures over the past two years. This represented a doubling from the previous two years, according to the Ministry of Defence.
Defence Secretary John Healey spoke about the foiled hack during a visit to a secure facility in Wiltshire. The location houses the defence team that defeated the Russian cyber attack.
“The nature of warfare is changing,” Healey told journalists. “The keyboard is now a weapon of war and we are responding to that.”
The National Cyber Security Centre alerted the Ministry of Defence to a suspected spear phishing campaign late last year. The Global Operations Security Control Centre at MoD Corsham in Wiltshire identified the threat.
“MoD detected a spear phishing campaign targeting staff with the aim of delivering malware,” the NCSC analysis said. “The initial campaign consisted of two emails with a journalistic theme attempting to represent a news organisation.”
The hackers followed up with a second wave of attacks, which followed a financial theme, directing targets to a commercial file share, according to the NCSC.
Officials said it took about an hour to spot the attack. When asked what it felt like to discover the intrusion, one individual said “cool.”
The malware was linked to a Russian hacking group called RomCom, a second official said. The particular code had not been seen before. The British side gave it the name “Damascened Peacock.”
The increase in attacks is partly because the military is getting better at spotting attempts against its networks. However, the attacks are becoming more sophisticated and harder to combat, according to the report.
Healey said the government plans to invest more than £1bn ($1.4bn) in improving its ability to hunt, locate and strike targets on the battlefield using digital technology. The response includes creating a new cyber command to oversee offensive and defensive cyber operations.
The revelations emerged as part of a long-awaited Strategic Defence Review. The review was launched by Sir Keir Starmer last July ahead of a major NATO summit in June.