On 5 April 2026, the website of the Kharkiv media outlet Nakypilo was targeted in a hacking attack launched directly from the Russian Federation, according to Ukraine’s Institute of Mass Information (IMI).
Yuliia Napolska, IMI’s representative in Kharkiv region and production director at Nakypilo, said one part of the attack targeted the order form on the website. Notifications from the form were sent to her email and smartwatch, with around 500 requests received within two hours and more than 2,000 over the course of the day.
Nakypilo editor-in-chief Olena Leptuha told IMI that another part of the 5 April attack targeted the website’s comment form, with around 100 attempts recorded. She said the attackers used typical injection requests aimed at finding vulnerabilities in websites.
According to Leptuha, all attempts were blocked and the attack did not affect the website’s operation, lead to a data leak or result in a hack. The administrator alert system was triggered during the attack, allowing Russian IP addresses used in the attack to be blocked.
Leptuha said the website’s comments were generally disabled, but the attackers tried to exploit old service posts where it was still possible to submit comments for moderation.