A hacker collective known as Just Evil breached government websites in Moldova, demanding 40 thousand euros for unfettered access to archived data. This claim was relayed through the Telegram channel KP Moldova, which has been cited by local observers as a channel for rapid updates on cyber incidents in the region.
In their communication, the group asserts that they obtained the records of Moldovan government officials. The disclosed material allegedly includes personal identifiers such as full names, email addresses, and phone numbers, alongside official positions across multiple ministries and agencies. The implication is that sensitive personnel information could be exposed or misused if demands are not met, raising concerns about the privacy and security of civil servants and the integrity of public data in Moldova.
Further reports from local media indicate that Just Evil claims access to documents housed within the Ministry of Justice, dating from 2014 up to the present. The hackers say they would sell these documents for 40 thousand euros and could introduce covert alterations to the records, which would complicate governance, record-keeping, and judicial processes if verified. The alleged access to such documents adds a layer of potential risk to institutional operations and public trust.
Officials from Moldova’s Ministry of Justice have not issued public comments to confirm or deny the breach, leaving the situation without an official narrative while investigators assess the scope and impact. The absence of immediate commentary often accompanies ongoing cyber incidents as authorities work to verify claims, preserve evidence, and determine practical remediation steps for affected parties.
On a broader front, KillNet, a collective known for its pro-Russian stance, is said to be linked to Just Evil through its founders. In late February, the group allegedly targeted the presidential site of Moldova, Maia Sandu, injecting explicit content into the site description. Earlier in February, hackers reportedly compromised the systems of Ignitis Grupė, which impacted the charging infrastructure for a significant fleet of electric vehicles in Lithuania. These actions suggest a recurring pattern of high-profile intrusions intended to provoke disruption and draw attention to political and strategic issues in the region.
Earlier reports have hinted that KillNet operators may pursue further private hacking operations, signaling an ongoing risk to political institutions and critical infrastructures across the region. The evolving activity underscores the importance for public-sector entities to strengthen cyber defenses, implement robust data protection measures, and maintain transparent communication with the public to manage reputational and operational risks during cyber crises.