Photo: Shutterstock 2026-07-08
Photo: Shutterstock 2026-07-08
A Russian cyberespionage operation spent a month inside a Belgrade think tank’s inboxes, reading 28,000 emails after posing as a Belarusian dissident to get in. Tied to the SVR and GRU, the hackers weren’t just after documents — they walked away with a blueprint of relationships and vulnerabilities that AI can weaponize. As Serbia heads toward elections, the attack reveals a darker pattern: Moscow and Belgrade often chase the same enemies.
Serbia, which has seen almost two years of protests following the collapse of a canopy at the Novi Sad railway station in November 2024, is expecting elections later this year according to president Aleksandar Vučić’s latest statement. These protests have been met with intimidation and suppression and those in power in Serbia are expected to crack down further rather than relinquish it. Many of the tactics used today are borrowed from, or deployed directly with the help of, Russia.
In August 2025, the Belgrade Centre for Security Policy (BCSP), a Serbia-based think tank, uncovered a cyber-espionage operation directed against their organization. Srđan Cvijić, a former diplomat, senior policy advisor, doctor of law from the Department of Law at the European University Institute in Florence, and current president of the International Advisory Committee of the Belgrade Centre for Security Policy, spoke to us about the operation and its broader implications for Serbian society, the upcoming elections, and the country’s relations with the rest of Europe.

Srđan Cvijić, current president of the International Advisory Committee of the Belgrade Centre for Security Policy. Photo: VSquare.org
Summary of the Cyber-Espionage Case
In August 2025, the director of the Belgrade Centre for Security Policy (BCSP), Igor Bandović, received a message on Signal from someone who claimed to be Belarusian opposition politician Sergei Tikhanovsky, the husband of Svetlana Tikhanovsky, the Belarusian opposition leader currently in exile. He claimed to have Bandović’s contact from an organization that BCSP previously worked with. The person suggested a video call, but the call never connected and the partner organization never gave Tikhanovsky Bandović’s contact information. This was not the start of the espionage.
A forensic analysis showed that the organization’s internal network was accessed without authorization as early as September 2024, which allowed the attackers to log in as regular users. Second, they accessed the administration of the entire system, gaining control over servers, passwords, documents, archives and communications. The third phase of the attack was a systematic surveillance of all communications, meaning messages, attachments and archives. For nearly a month, the attackers accessed the emails of BCBP more than 28,000 times, each individual access record meaning a visit to the inbox and internal documents, and even an attempt at communication with employees.
The forensic analysis showed that the attack was coordinated by two hacker groups, known as Midnight Blizzard, linked to the Russian Foreign Intelligence Service (SVR), and Forest Blizzard, linked to Military Intelligence Service (GRU). One group did the silent surveilance actions while the other performed more aggressive actions like taking over accounts, including creating a fake website that it attributed to the Belgrade Security Conference.
Further collaboration between the Serbian and Russian regime was uncovered in the meantime. This included training camps for preparing riots and disrupting elections in Moldova and the testing of illegal sound cannons that were allegedly used during a protest in Serbia.
I’d like to start with the cyber attacks your organization and some of your colleagues were victims of. Can you tell us what changed after you uncovered the operation? How difficult was it to remove the threats and adapt your workflows?
The technical remediation was not easy, but ultimately manageable. We removed the threats, rebuilt trust in our infrastructure, changed procedures, hardened our systems, and renewed access protocols. Most importantly, we stopped treating cybersecurity as an IT issue and started treating it as an organizational survival issue. Our systems were originally built for what you might call a regular peace-time environment, but we now understand that we are engaged in a kind of hybrid war over our own democracy and sovereignty.
The real damage, however, is psychological and political. While we were able to remove the threats from our systems, what we cannot so easily remove is the knowledge that a dictatorship’s security service has walked all over our private and professional lives. That feeling stays. It has definitively changed how people communicate, how we think about protecting partners, sources, colleagues, and even family members — especially for those who, as many people do, carelessly used a professional email account for personal purposes.
That is precisely the point of such an attack: not only to steal information, but to create fear and hesitation. The most dangerous dimension today, I think, is what can be done with that data using AI. If someone has 30,000 to 40,000 of your emails — which is the case with BCSP — they don’t only have documents. They have a map of your relationships, habits, political thinking, vulnerabilities, internal disagreements, information about your donors and partners, and even your private anxieties. With AI, they can build a detailed profile and weaponize it against you whenever they choose. Our infrastructure can be cleaned, and it is clean, but once an authoritarian intelligence service has entered your digital life, the damage becomes strategic. It stops being a cybersecurity issue and becomes one of personal and institutional intimidation.
Ultimately, the attack on our organization was not only an attack on BCSP. It was a warning about the future of democracy in this country. If a genuinely independent, democratic think tank can be hacked by Russian actors and domestic actors simultaneously, then politics is being driven out of the public sphere and into the security sphere entirely. That is precisely how you recognize the further authoritarianization of a system. This is not just about us — it is about the whole of society.
The operation also involved mirror websites, an information manipulation tactic we’ve seen in other countries. Threat actors make identical copies of legitimate websites to spread malicious content and mislead users. Were there new elements, new tools, new uses of AI, new narratives — that you hadn’t encountered before? Did you observe any actual misuse of the stolen data?
The technical tools themselves were not entirely new. Russia has used all of these methods before. What is new in our case, in Serbia, are two things. The first is that we were victims of a combined GRU and SVR attack — simultaneously. The second is the large political question mark hanging over this entire operation: did the Russians carry it out for their own strategic benefit, or also for the benefit of the Serbian regime?
I think that is the real novelty, and it is what makes our situation distinct. In many European countries, Russian hybrid operations target governments, institutions, and societies that are largely and clearly resisting Moscow. In Serbia, the situation is far more ambiguous — and, in my view, more dangerous because of that. Russia may be collecting information for its own strategic purposes, but that information could also be handed over to domestic authoritarian actors.

Srđan Cvijić. Photo: VSquare.org
We were not the only organization attacked in that period. During the autumn of last year, other civil society organizations and independent media outlets in Serbia also received notifications from their service providers that they had been victims of state-sponsored attacks. Unlike us, most of them did not conduct forensic investigations because they lacked the resources. This raises a significant question. If BCSP — a think tank with international and Western connections — is attacked by Russian actors, one might assume we were used as a conduit to reach others. And indeed, after taking control of some of our email addresses, attackers did attempt to infiltrate the systems of our Western partners — for example, speakers at our Belgrade Security Conference last year. They were not successful, but they tried.
The Serbian context gives all of this a different meaning. Civil society, independent media, pro-European actors, and democratic activists here are not only targets of Russian influence operations — they are simultaneously targets of domestic, regime-sponsored attacks that label them as foreign agents, extremists, traitors, or organizers of so-called “color revolutions.” So the novelty lies not only in the method, but in this possible convergence of interests between Moscow and Belgrade.
Does that mean civil society is more vulnerable because the pressure is coming from two directions? And do you see direct cooperation between Serbian government-affiliated actors and Russia? Is Serbia actively helping Russia with its interference operations?
Serbia is definitely an outlier, because it faces this dual pressure. In many countries, civil society is under attack from external forces, but Serbia combines several dangerous features simultaneously: domestic surveillance, smear campaigns, pro-government media targeting, police and judicial pressure — all alongside a government that cooperates with Russia.
One of the clearest examples is how pro-government outlets have treated people like me and my organization. Pro-regime media, both print and television, have not simply criticized our work, as would happen in a democracy. They have consistently attempted to dehumanize and delegitimize us. The attacks range from portraying us as dangerous foreigners, traitors, extremists, and servants of Brussels, to absurd and invasive personal insinuations — including claims about my private life and even my marriage. I don’t want to dignify each of those stories by repeating them, but the pattern matters: the goal is to make civil society actors appear corrupt, alien, and dangerous, so that any attack on them will seem acceptable to the public. It is like painting targets on our foreheads. And the paradox, which is where the link to Russia becomes visible, is that we are not the traitors. They are. We are patriots, and their actions look like those of people serving a foreign hostile power in the middle of Europe.
What makes Serbia exceptional is that the Russian dimension was not the only one. In 2024, Amnesty International’s report Digital Prison documented the use of spyware and digital repression against civil society in Serbia, including Pegasus and the domestically-developed Android spyware NoviSpy, misused against activists and protest leaders. My colleagues were confirmed victims of Pegasus back in 2023. So that layer of domestic digital repression already existed — and then the Russian attacks were added on top of it.
Do you see any actual change in public perception of civil society as a result of these smear campaigns? At the same time as they are happening Serbia has had over a year and half of protests, since the canopy collapse in Novi Sad in November 2024.
It’s important to keep in mind that the demonization of Serbian civil society is not new. It dates back to the 1990s and the [Slobodan] Milošević regime. The same anti-Western narratives, portraying critical voices as Western spies, were already present then. If you look at broad public opinion surveys, civil society organizations as a whole are not very popular. But that changes when you move from the abstract to the specific. The more people are asked about particular organizations or individuals, the more their perception improves — because people actually know what those organizations do. The abstract concept of “civil society” has been successfully demonized over decades by successive regimes, and now by Vučić’s — but it is much harder to demonize specific people and institutions that citizens interact with directly.
When we monitored elections in Moldova, experts discussed how Russia used it to test tactics before deploying them toward EU member states. Could Serbia serve a similar function — not being in the EU and offering a more politically favorable environment?
I think the cases are fundamentally different. Moldova is a country Russia wants to capture to block its European path and pull it back into its sphere of influence. That is why Moldova has been targeted with massive disinformation campaigns, vote-buying schemes, and various forms of electoral interference. But interestingly, some of these operations were actually prepared on Serbian soil. People were trained in Serbia to carry out interference during Moldova’s elections, and individuals working in the offices of certain Serbian ministers were allegedly implicated. It is literally impossible that the Serbian authorities were unaware of these training camps being organized inside the country. In the best-case scenario, their role was passive.
Serbia is different from Moldova because Serbia is not simply a victim of Russian influence. It is often a partner, amplifier, and beneficiary of it. I must stress that this does not mean Serbia is fully controlled by Moscow. What it means is that the Serbian and Russian regimes frequently identify the same people and groups as enemies: pro-European and democratic actors, independent journalists, civil society members, students, anti-war Russians — many of whom live here — and anyone opposing authoritarian politics. This is why Serbia can become a kind of laboratory, not only for Russian information operations, but for authoritarian pressure more broadly. The pro-European front here is simultaneously attacked by domestic propaganda, state institutions, and Russian-linked cyber actors.
The elections in Serbia are coming up, most likely next year according to Vučić himself. In his recent announcement he said he would step down in the following weeks, but it is assumed that he is only stepping down with the ambition to become the prime minister. Do you expect escalation in government pressure on civil society in the next few months because of the fight for power?
I think we can definitely expect escalation. As you know, Vučić has announced his resignation — though he has done so periodically since 2023, so for us it reads more as a familiar political tactic to occupy public attention and create uncertainty within the democratic camp. The fact remains that he must call presidential elections by May next year and parliamentary elections by late January 2028. Since he cannot run for president a third time, and since he lacks a strong presidential candidate, he will likely call both elections simultaneously to meet the presidential deadline. The real question, therefore, is not whether elections will be held, but whether the regime is prepared to lose. I do not believe Vučić will concede power peacefully, the way Viktor Orbán did after losing earlier this year in Hungary.

Srđan Cvijić. Photo: VSquare.org
The DNA of Vučić’s party is fundamentally different from Fidesz. The SNS is not simply a populist institutional party. It can genuinely be considered a violent extremist party. In our recently published report at BCSP, we examine this directly. The system of power is built around control of media, public institutions, public resources, and business networks — similar in some ways to Fidesz — but violence is the main distinguishing element. Fidesz originally came from a liberal corner of the political spectrum and evolved rightward over time. Vučić’s party, by contrast, is more analogous to Hungary’s Jobbik [conservative party]: it softened its public image just enough to gain power, then implemented its older extremist policies once in office.
As elections approach, I expect more escalation: more smear campaigns, more surveillance, more digital attacks, more intimidation, more accusations of foreign interference, and a continuation of the Georgian scenario with mounting attempts to criminalize dissent.
Do you think Vučić would attempt to claim election fraud if he loses?
Absolutely. He will not step down peacefully, and if he loses, he will be forced to cross red lines he has not crossed before. Every single election in Serbia since the SNS came to power in 2012 has been less free than the one before it. In December 2023, we even witnessed the organized busing of voters from neighboring countries to vote in local Serbian elections. If Vučić is forced to cross those red lines, even the EU partners who have been willing to work with this regime — for various reasons — will no longer be in a position to protect it. And at that point, whom will the regime turn to? Russia, of course. Russia is not only a foreign policy partner for this government — it is a model of political survival under pressure.
Would Vučić and his party be willing to give up EU accession entirely?
The thing is, we are not Georgia. Serbia is not intrinsically linked to the Russian economy. Its livelihood depends on the EU market and EU member states, their companies and investments. We do not share a border with Russia. So in geopolitical and economic terms, the survival of an authoritarian Serbia outside of the EU orbit would be unsustainable. Even in the most negative scenario — a fully authoritarian regime, rigged elections, and all that follows — it would not last very long.
What do you mean by “not very long”? What are the current predictions for the election outcome?
I mean that democracy would return. Just look at the period from the collapse of the roof at the Novi Sad railway station to today — nearly two years of sustained protest against his rule. If you mapped the developments of those two years as a heartbeat monitor, every time the regime tried to harden its response and increase repression, public discontent flared higher. I think the regime itself understands that Serbia is not Belarus or Georgia. They cannot simply go fully authoritarian, because society would crush them.
There is another important factor visible in public opinion surveys. About 20 percent of the electorate votes for this government out of genuine ideological conviction — they are fully pro-Russian, anti-Western supporters. But the larger portion of regime voters are people who tend to vote for incumbents as long as they perceive economic conditions as reasonably stable. The moment that rug is pulled from under their feet, they will become extremely anxious. You see this clearly when you look at the polling: if you ask Serbs which foreign power is Serbia’s greatest friend, the largest share says Russia. But if you ask where they would go to work and build a better life, they all say Europe, Germany, Austria.
The surveys up to now do not show a clear lead for the democratic camp in the way we saw in Hungary. In Serbia, it is closer to 50-50. The regime’s primary strategy at this point is not to recover lost support — they know that is nearly impossible. But if the democratic bloc manages to unite, and manages to project a convincing image of victory — the way Tisza did in Hungary — many of these soft government voters will shift sides. Even in our own recent BCSP survey on public perceptions of police and security services, you can clearly see that majorities — sometimes large majorities — of the population recognize the same systemic problems. More than half think the country is going in the wrong direction. But that recognition does not translate linearly into political support for the opposition. The regime’s strategy is still working — for now. But the more openly authoritarian the government becomes, the more of that support it will bleed.
Subscribe to “Goulash”, our newsletter with original scoops and the best investigative journalism from Central Europe, written by Szabolcs Panyi. Get it in your inbox every second Thursday!
Tamara is a journalist from Slovakia, currently based in the Netherlands. Besides VSquare, she writes for The European Correspondent.