27.05.2026
2 min
117
A database allegedly stolen from Lithuania’s state registry center has surfaced online, potentially containing residential addresses, residence permit details, property records, and business information. According to cybersecurity communities, the attack may be linked to the GRU-associated hacking group APT28 Fancy Bear, while the leak itself is already being активно discussed on Russian hacker forums.
A massive data leak from Lithuania’s state registry center is being discussed online after more than 600,000 records were reportedly exposed. Among the potentially compromised information are residential addresses, residence permits, business registrations, and property ownership data, including records tied to Russian and Belarusian relocants who moved to Lithuania after the start of the war.
The incident allegedly involves data from Lithuania’s state enterprise Registrų centras, which stores some of the country’s most important national registries. These databases include property records, company registrations, residential addresses, and residence permit information. According to discussions circulating in cybersecurity communities, the leak does not contain simple email-password combinations, but far more sensitive details showing where people live, what they own, and what kind of business they operate.
The case has drawn particular attention because Lithuania became one of the main destinations for Russian and Belarusian opposition members, IT specialists, and anti-war relocants in recent years. Many of them went through strict banking compliance checks, obtained residence permits, and relocated specifically for security reasons.
Now, as users on Russian-speaking forums sarcastically note, the “comrade major” may have received their new addresses in just a single click.
According to information currently circulating in cyber communities, the attack may be linked to the GRU-associated hacking group APT28 Fancy Bear. The group has repeatedly been connected to cyberattacks targeting Baltic state institutions and European organizations.
Another platform repeatedly mentioned in discussions is Exploit.in, considered one of the oldest Russian-speaking hacker forums. Despite its reputation as a “closed” community, access to the forum давно turned into a commercial invite-based system. According to forum users, participants are actively analyzing the leaked database there, searching for information on journalists, activists, and individuals considered undesirable by Russian authorities.
APT28 Fancy Bear has long been associated with Russian intelligence services, particularly the GRU. The group has been accused of carrying out cyberattacks against NATO countries, government institutions, media outlets, and political organizations around the world.
After the start of Russia’s full-scale invasion of Ukraine, Lithuania became one of the key destinations for Russian and Belarusian citizens fleeing political pressure, mobilization, or fears of persecution.
If the leak is officially confirmed, the incident could become one of the largest personal data breaches in the Baltics in recent years. At the same time, it serves as another painful reminder that even moving abroad does not guarantee complete digital security.
