Summary
For about a year, soldiers of Russia’s 5th Guards Combined Arms Army shared classified orders, passwords, and operational plans through a public Telegram chat until investigative journalists found it and exposed a major intelligence breach.
What Happened
Soldiers from the Russian Armed Forces’ 143rd Rifle Division used a public Telegram group to share sensitive military information for about twelve months.
The investigative outlet ASTRA discovered the chat and published its findings. The group, crudely named in Russian, was originally meant for posting daily video conference links for unit commanders.
Over time, it became a repository for classified headquarters orders, personnel data, and access credentials. The chat went quiet after May 4, following reports in late April that unauthorized individuals had gained access. Russian pro-government commentators say the leak triggered internal military investigations.
What Was Inside The Chat?
The group served as an informal but extensive archive of operational materials from the 5th Guards Combined Arms Army. It began as a simple logistics tool, posting daily Yandex Telemost video conference links so unit commanders could join briefings. This routine administrative function gradually became a cover for far more sensitive traffic.
Alongside those conference links, journalists found formal headquarters orders, including one signed by Acting Chief of Staff Colonel Dmitry Litvinov and Unmanned Systems Department head Colonel Serik Zhunusov, addressing supply shortages and the underperformance of robotic systems.
The chat also contained spreadsheets listing service members by name, video surveillance system inventories, ammunition request forms, and login credentials, including two-factor authentication keys, used by commanders to access live drone feeds.
Perhaps most striking was a December 7, 2025, order directing specific units, the 127th Motor Rifle Division, 394th Motor Rifle Regiment, 218th Tank Regiment, 1171st Anti-Aircraft Missile Regiment, and 872nd Self-Propelled Artillery Regiment, to stage decoy targets near Vremivka.
These included fake vehicle movements, simulated field kitchens, and staged personnel activity, complete with coordinates, designed to be filmed and presented as covert footage from pro-Ukrainian locals. Additional documents covered intelligence-gathering procedures, river code names, radio deception plans, and psychological warfare directives.
Why Is This Significant
This breach gives Ukrainian intelligence a verified, dated map of Russian deception operations, drone access points, and unit deployments—intelligence that would normally take months to gather through traditional means.
It also exposes a structural weakness: low-level operational security in the Russian military relies on informal, unvetted digital channels rather than secure systems.
For intelligence agencies broadly, this case highlights a growing reality of modern warfare. Open-source and digital monitoring of adversary communications has become a frontline intelligence discipline, often surfacing actionable material that espionage networks cannot match in speed or volume.
