Second top Ukrainian cyber official arrested amid corruption probe


A high-profile Ukrainian cybersecurity official who was fired from his position last week was detained on Monday for his alleged involvement in an embezzlement scheme.

Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP) will be held in pretrial detention for two months with bail set at $276,000, according to Ukraine’s anti-corruption court.

Zhora is accused of facilitating a corruption scheme involving the procurement of software for SSSCIP. According to Ukraine’s anti-corruption agency (NABU), Zhora and five other suspects embezzled $1.72 million between 2020 and 2022 by fraudulently classifying the procurements.

One of the suspects, former head of SSSCIP Yurii Shchyhol, was released from detention on Friday on $700,000 bail. He is now prohibited from communicating with witnesses or other suspects, must surrender his passport for international travel, and is obligated to wear an electronic bracelet.

In a pretrial court hearing last week, investigators said that they discovered the supposed correspondence of the suspects on Zhora’s phone on the Threema messenger — a Swiss messaging service used by the military in Switzerland and state officials in various other countries, including Ukraine.

The suspects used coded language and pseudonyms for communication. They referred to SSSCIP as “kolkhoz” (which means “collective farm” in Russian); Shchyhol used the pseudonym “Bird” (probably because his surname means “goldfinch” in Ukrainian), and Koval was dubbed “Yoda.”

The messages obtained by the detectives revealed that the software in question was allegedly developed by the U.S.-based tech company EPAM Systems and that it was procured through intermediary companies linked to Ukrainian businessman Roman Koval, who is suspected to be the mastermind behind the scheme.

Koval is Zhora’s ex-business partner. The Ukrainian anti-corruption agency alleges that Koval used his connections at SSSCIP to appoint “a loyal person” as the deputy head of the agency to oversee procurement.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Tao Thomsen and the effort to back up what makes Ukraine uniquely Ukrainian

Next Post

Ukraine claims cyber operation against Russian aviation agency

Related Posts

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included
Omega Balla
Read More

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Omega Balla
Read More

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (
Read More