SBU Charges 81 in Counterintelligence Sweep Including 20 Serving Officers: Russian Penetration of Ukraine's Security Apparatus Deeper Than Acknowledged

Ukraine's Security Service (SBU) has filed charges against 81 individuals in a counterintelligence operation described by the agency as one of its most significant since the full-scale invasion began in February 2022. The case's most operationally significant element is the inclusion of 20 serving SBU officers among those charged — a figure that represents not an isolated insider threat but a penetration operation of systemic scale. The disclosure, made through official SBU channels, carries high-confidence sourcing and raises immediate questions about the scope of access compromised and the duration of that access.

The individuals charged span multiple categories: current SBU officers, former security service personnel, civilian officials, and non-government individuals assessed as having acted as Russian intelligence assets. Ukrainian prosecutors have described the network as spanning multiple SBU regional directorates, meaning the penetration was not confined to a single unit or geographic area. Charges include high treason, state secret disclosure, and collaboration with a terrorist organisation — the last designation reflecting Ukraine's formal legal classification of Russian security services.

The SBU has been under sustained Russian intelligence pressure since long before the 2022 invasion. A post-invasion review conducted that year resulted in significant personnel changes at senior levels after evidence emerged that the SBU's counterintelligence directorate had itself been penetrated — a finding that contributed to Ukraine's failure to anticipate the pace and direction of the initial Russian assault. Subsequent reforms were intended to address the institutional vulnerabilities, but the current case confirms those reforms have not fully neutralised Russian access.

The intelligence damage from a 20-officer penetration inside the SBU is difficult to bound without the charging documents, but the operational implications are severe. SBU access encompasses counterintelligence targeting, source operations, communications intercepts, and coordination with Western partner services. Any of these, if compromised, represents significant damage to Ukraine's security posture and to the intelligence cooperation it relies on from NATO members. Western partner services will be conducting their own exposure assessments through liaison channels.

The decision to publicly disclose now — during a period of sustained front-line pressure in the east and northeast — likely reflects a judgment that the network has been sufficiently rolled up to make disclosure safe, or alternatively that the SBU requires a visible counterintelligence success to bolster institutional credibility with Western partners currently in difficult aid and intelligence-sharing negotiations.