Digital sabotage and physical endangerment

Quarterly report

In the latest overview from the digital rights monitoring in Serbia, carried out by the SHARE Foundation, a total of 57 violations of human rights in the digital environment were recorded from December until the end of February 2026. The fraud, threats and manipulation category was again the most prominent with 48 violations. There were far fewer violations in the other two categories – seven cyber incidents and two cases of endangering privacy and personal data. The end of last year was marked by coordinated attacks and constant tensions, which continued to grow from the start of student and citizen rebellion. At the same time, new methods of attacking those who criticise the regime appear to be evolving rapidly.

No shelter from sabotage

Reporting on matters of public interest through social media has become almost an obligation – without livestreams, stories and reels from protests, the picture of today’s Serbia would be incomplete and unrealistic. Despite all the negative consequences of concentrating the flow of information through just two platforms, Instagram and X, media organisations, journalists, students and activists rely on them as critical infrastructure for their everyday activities and their social function. In recent times, we have recorded multiple waves of sabotage targeting Instagram accounts that fall outside the pro-government media sphere. These attacks also drew an international reaction. 

More than 20 Instagram accounts belonging to media outlets, journalists and activists were suspended over the weekend of 16-18 January, allegedly for breaching Meta’s Community Standards. The suspensions were preceded by mass influxes of followers — thousands of inauthentic accounts, or “bots”, mimicking users from distant countries. Among those affected were accounts of the Nova.rs portal, Radar magazine, the civic organisation CRTA, photojournalist Gavrilo Andrić, activist Miran Pogačar and many others. Following a reaction from the civil society, Meta quickly restored the accounts, but the subsequent week brought a new flood of tens of thousands of fake followers targeting accounts of the media owned by United Group: N1, Nova.rs, Radar and Danas.

While the media and activist community were gathering, analysing and sharing information about the suspensions and fake followers, a new wave of Instagram attacks hit during the final weekend of January. This time, the accounts targeted were those of Ozon Press (a news portal from Čačak), student activist Lazar Stojaković, exiled activist Mila Pajić and Savo Manojlović, leader of the “Go-Change” movement. A coordinated domestic response and international support in alerting Meta to the situation in Serbia remain, for now, the key means of defending the Instagram accounts of media outlets, activists and civil society organisations.

It is also noticeable that Instagram is being used for online confrontations with civic activists, through accusations or threats to share intimate images. In Kula, where local elections are due soon, the situation escalated in February when several Instagram accounts repeatedly shared private photos of 14 local activists and threatened to release intimate recordings. After the activist community reported them, Meta suspended the accounts for breaching platform standards, but new accounts continued to spread harmful content targeting activists. As the wave of Instagram attacks has temporarily subsided, cyberattacks on the websites of Radar and several other local portals followed – Južne vesti, Glas Šumadije, Pressek, Vranje news, Krug and E-Braničevo. As with the Instagram accounts, the digital infrastructure of these media outlets came under attack on Friday, February 13, making their websites difficult to access throughout the following week. In a statement for Cenzolovka, Marina Miljković Dabić, editor of the Krug news portal, reported a large volume of visits from China and Singapore, adding to suspicions that this was an organised effort to flood the servers with traffic and prevent legitimate readers from accessing the site.

European champions in attacks

The safety of journalists in Serbia has long been a serious concern in terms of human rights protection, with the situation worsening year by year. According to the MFRR Monitoring Report for 2025, there were 208 cases of media freedom violations in Serbia, placing it at the top among the 36 European countries monitored by MFRR (27 EU Member States and nine membership candidates). By comparison, Georgia came in only second place with 143 cases, despite being considered a country where repression of independent media and civil society is even more severe. The number of incidents registered by MFRR has grown drastically compared to 2024 and 2023, coinciding with the increased repression of the regime against student and citizen protests and the journalists covering them.

In addition to the usual threats, pressures and targeting of journalists, which occur on a daily basis throughout the prolonged social crisis, arrests of journalists and politically active people for expressing opinions online have also been recorded as a form of retaliation. Journalist and newsreader at a local TV station, KTV, Aleksandar Dikić was arrested in late December after comments he made on a podcast were interpreted as “calling for a violent change of the constitutional order” — a legal charge frequently used against activists during citizens’ and students’ protests. Dikić was soon released and is facing charges outside custody.

A similar case followed shortly after. Čedomir Stojković, a lawyer who became publicly known for his social commentary and open criticism of the regime, launched a podcast in 2025. He was arrested over posts he had made on X, some dating back to 2022, and was likewise released, but was prohibited from using X and YouTube. However, Stojković was placed under house arrest in January after he continued recording his YouTe podcast. At the end of February, he was remanded in custody for 30 days after publishing a document marked “secret” from a lawsuit filed against him by the Security Information Agency (BIA). Such legal proceedings have a serious effect on the right to share and receive information, even where the content is considered controversial. Combined with the broad interpretation of criminal offenses against the constitutional order, this heightens the “chilling effect” — the fear that any sensitive social media post can turn a citizen into a defendant.The Center for Social Stability, a so-called GONGO that openly attacks civil society and professional media in Serbia, published a list of 45 journalists, activists and public figures, which can be interpreted as creating space for further attacks. With parliamentary elections expected and local elections under way across Serbia, and with growing citizen dissent, the general social situation is approaching a boiling point, further aggravated by the continuation of the aggressive rhetoric from government representatives and their supporters online.

Vote at the link

Online scams are constantly evolving as attackers keep changing their tactics, techniques and procedures in order to draw more people into their networks of manipulation and gain access to confidential information, which can then be used for financial gain or other purposes. As highlighted in our Annual Monitoring Report for 2025, the growing shift of public and private actors in Serbia towards electronic communication with citizens is increasingly being exploited. The trend of social engineering scams has continued into 2026, with two tax-related scams appearing — one in January and another in February. The Tax Administration warned citizens about both, as the scams were linked to paying taxes, interest and other obligations within its jurisdiction.

A more unusual scam targeted WhatsApp users through fake competition voting and claims of published photos of the message recipient. Users received links to alleged online votes, through which they unwittingly granted attackers access to their WhatsApp by entering a device-linking one-time code. After taking over the accounts, attackers would send the same or similar messages to the victim’s contacts in order to expand the network of compromised accounts, or would use them to ask for loans. A fraud using similar tactics was identified in Czechia, suggesting the campaign can be adapted to different contexts and regions.

Although these scams may appear to target less digitally literate users, the risk exists for everyone — though citizens with lower levels of digital literacy remain more vulnerable. Institutions such as the Ministry of Interior, the Tax Administration and banks issue warnings and protection advice after incidents have already occurred; but alongside these reactive measures, broader education and prevention campaigns are also necessary.