Kuleba: Russian hackers used CRMs to track Ukrainians

At Infosecurity Europe 2026 in London, former foreign minister Dmytro Kuleba warned that Russian intelligence has breached customer relationship management systems used by gyms, salons and supermarket loyalty programs to locate, blackmail and abduct Ukrainian citizens.

Kuleba spoke to a full auditorium at ExCeL and recounted that his trip to the conference was delayed after his vehicle struck debris from a Russian missile while traveling to Warsaw.

Drawing on Ukraine’s experience since the 2022 invasion, he described how routine business software has been used to find and follow people. He cited cases in which fitness club appointments, salon bookings and supermarket loyalty records were accessed to track movements.

Ukraine’s security services instructed him to change his gym and barber to reduce tracking, he added. He linked the activity to long-standing use of Russian-made applications in Ukraine that gave outside actors a path into customer data.

He noted small businesses can be entry points for larger operations and urged modest merchants to improve cybersecurity. He also told procurement teams to factor geopolitical risk into software choices.

Kuleba urged IT leaders to rethink disaster recovery and business continuity, pointing to the December 2023 cyberattack on Kyivstar. The operator was taken offline after a single employee account was compromised but managed to isolate and restore systems within days.

Describing steps taken by his ministry in late 2021, he outlined audits of infrastructure and the physical relocation of core servers to a secure site abroad so critical systems could survive direct disruption. He quoted Mike Tyson: “Everyone has a plan until they get punched in the face.”

He stressed that recovery depended on close knowledge of technical environments rather than fixed playbooks and called on chief information officers and security teams to assume third-party business software can be weaponized and to invest in sovereign, secure technology stacks.

He closed by redefining operational resilience as continuous repair during sustained attack, saying, “Resilience is your ability to keep repairing the networks as destruction becomes the new normal.”