Report: Digital incidents in the Ukrainian public sector from July to August 2023

From July to August 2023, NGOs and activists were regularly attacked, from phishing to restrictions on social media accounts. During this period, the Digital Security Lab recorded 13 such incidents. Some of them were harmful.

We share examples of such attacks and give recommendations on how to avoid danger.

Among the incidents were 5 account hacks, 5 phishing attacks, and 3 social media restrictions.

Account hacks

We recorded 5 successful account hacks. Among them were 2 hacks of Instagram accounts: the attackers changed the password and contact information to prevent the owners from accessing their accounts and demanded money to get access back. We also found 2 hacks on Telegram: the attackers sent messages to all contacts asking for money.


  • Use a strong password and up-to-date contact information on services that are important to you;
  • Enable two-factor authentication.


In July and August, we investigated 5 phishing messages: 4 of them contained a link to a phishing site and 1 contained malware. Only one attempt was successful. 

Hacking of Telegram using bots continues. Attackers pretend to be the messenger’s support, report problems with the account and offer to solve them through a fraudulent bot. The latter requests a code sent through an SMS, which is the first factor in logging into the account. 


  • Do not share codes from SMS and messages received in messengers with anyone, as this is the first factor of logging in; 
  • Enable two-factor authentication.

Account restrictions

During this period, we received three requests related to the problem of account restrictions. Only one case was related to the restriction due to content about the war.

Recommendations: in case of restrictions, be sure to file an appeal and contact support. If that doesn’t work, you can contact the Digital Security Lab (we work only with media, civic activists, human rights defenders, and volunteers).


Disclaimer: this material only contains incidents that the Digital Security Lab worked with or encountered from July to August 2023.