Scientology: Institutional Structure

The Russian Ransomware Attack on Scientology St. Hill: The FSB; INCOMM; John Coale; and More

Flag of the Russian Federal Security Service a/k/a FSB

On December 4, 2025, the Russian-linked ransomware group Qilin claimed responsibility for a data breach at the Church of Scientology’s Advanced Organisation Saint Hill UK. Thirteen days later, FSB officers arrested Scientology operatives in Siberia. 


I: The Documented Breach

What Qilin Took

In early December 2025, Qilin published 22 screenshots as proof of access to Saint Hill’s systems. The leaked materials, documented by Cybernews, HackRead, SC Media, and Zataz.com, include:

| Document Type | Contents | Intelligence Value |
|---|---|---|
| Visa processing records | Named individuals, UK Religious Worker visa applications, costs (£2,600-£4,500) | Roster of foreign nationals in Scientology pipeline |
| Security budgets | £100,000 for 2024-2025: bomb dogs, patrol dogs, guard locations | Physical security mapping |
| Financial invoices | IBAN and SWIFT banking details | Financial network exposure |
| Knowledge Reports | Member-on-member surveillance reports | Internal intelligence files |
| Member spreadsheets | South American individuals with contact details, travel history | Network mapping, pressure points |
| HR documents | Departmental sign-offs, internal references | Organizational structure |


The breach represents file server or document management level access—not a single endpoint compromise. 
French security researcher Damien Bancal noted the Scientology target was “particularly sensitive and high-profile…from an intelligence perspective.”


II: INCOMM: Scientology’s Communications Network

INCOMM is Scientology’s in-house computer system.

The acronym: International Network of Computer Organized Management

  • Purpose: INCOMM serves as the technical backbone of the “Command Channels of Scientology,” tracking data from all licensed entities and ensuring compliance with the directives of the Religious Technology Center (RTC).
  • Hierarchy: It is heavily involved in monitoring Scientology’s organizational structure, which is led by the RTC and David Miscavige.
  • Control Mechanism: All Scientology organizations report to this network, allowing central management to oversee and control operations, finances, and personnel worldwide.
  • Operations: In the past, INCOMM has been linked to severe internal discipline, such as the 1995 incident involving the “St. Valentine’s Day Massacre,” where staff were severely restricted following a data leak.
  • Personnel: The management organizations, including those responsible for INCOMM, are staffed by the Sea Org, the highest tier of Scientology staff. 

Qilin Threat Assessment: If St. Hill was a node attack and Qilin breached INCOMM internationally, then the extent of what Qilin obtained is potentially unlimited. Air-gapped systems may have been no barrier for reasons we describe below. The FSB, FSB-linked hackers, and other hacker groups have breached air-gapped systems.


III: The Sea Org Connection

For decades, Scientology’s Sea Org has used American R1 religious worker visas to recruit from Russia and Eastern Europe by promising people a better life in the West.

Our sources tell us that Sea Org recruiters began recruiting heavily from Ukraine following the Russian invasion. This raises the distinct possibility of the Russian FSB recruiting, bribing, or otherwise compromising Russians, Ukrainians, and other Eastern Europeans that joined the Sea Org.

A Flag Land Base piece from our archives shows the types of workers Scientology needs for its Sea Org slave labor force:


IV: What Ethnic Communities Know

Ethnic communities in Russia and Eastern Europe know: 

  • A Scientology Sea Org religious worker visa can get you into Europe, Florida, LA, or the UK
  • You do a few months of work in the Sea Org
  • You then “blow” (escape) into the local ethnic community
  • Russian nationals, and other foreign nationals, have used this process to get to Clearwater and Los Angeles and then disappear into Miami and Los Angeles. This has been shared by former Sea Org members.

V: The Vetting That Doesn’t Exist

Q: Are background checks actually performed on Russian and Eastern European Sea Org recruits?
A: Not beyond Scientology’s metered “Life History” questionnaire and A-J sec checks, which trained agents could easily evade. Likewise, Sea Org members recruited by threat actors after they were already in the Sea Org would be subject to fewer sec checks.

The EPF (Estates Project Force): Sea Org boot camp. 16-hour days combining heavy physical labor, LRH study, and military-style drills. Designed to see if you can handle Sea Org life. Very few fail—the organization is desperate for bodies due to extreme turnover and constant “blows.”

Q: Would OSA notice someone “too skilled” for Sea Org life?
A: Extreme computer expertise might arouse suspicion in Scientology. But an operative would calibrate to show enough competence to get promoted into INCOMM computer operations over 6-12 months.


VI: The “Blow” Protocol: A Spy’s Dream

Q: Does Scientology report Sea Org escapees to Immigration Authorities?
A: Absolutely not. Scientology in America and the West cannot risk having its religious worker visas questioned by immigration agencies. Based upon our sources, SO escapees are listed as AWOL internally—Scientology hopes they’ll return after failing to find work.

Q: Are escapee files purged?
A: Never. Files are never purged in Scientology.

Q: Does OSA track where they went?
A: In the past, OSA had recovery teams. Now this would be viewed as kidnapping, stalking, crossing state lines. Scientology makes calls to the escapee’s family, but families in Ukraine, Russia, Mexico won’t cooperate.

The perfect intelligence operations environment:

| What Happens | Why It’s Perfect for FSB |
|---|---|
| Not reported to immigration | No law enforcement involvement |
| Listed as “AWOL” internally | Scientology hopes they return—doesn’t investigate |
| Files never purged | But files prove nothing about espionage |
| No recovery teams | No physical pursuit, no confrontation |
| Calls to family | Ukrainian/Russian/Mexican families won’t cooperate |

 


VII: The Operational Cycle: 

INSERTION              OPERATION               EXTRACTION              AFTERMATH
    │                      │                       │                       │
Enter via ────→ Access systems ────→ "Blow" ────→ Disappear into
R1 visa          Map organization      when ready   ethnic community
                 Low-level INCOMM                   
                 access                             Scn won't report
                 6-12 months                        Scn won't pursue
                                                    Scn keeps useless files
                                                    Family won't cooperate

VIII: The Ukrainian Sea Org Recruitment Surge

Since 2023: Scientology has been heavily recruiting in Kiev for Ukrainians to join the Sea Org. Also recruiting from Ukrainian refugee camps in Dublin.

The numbers: The Russian invasion created an exodus of 600,000+ Ukrainians from Kiev—many skilled professionals, many bilingual. 

The pitch: OSA recruiters promise religious worker visas and “a safe life in the West.”

The vulnerability: The same desperation that makes Ukrainians attractive recruits makes the pipeline exploitable:

  • FSB could recruit a Ukrainian asset
  • Asset joins Sea Org through legitimate religious work visa pipeline
  • Asset shows “some” computer skills (not expert-level)
  • Asset gets promoted into INCOMM over 6-12 months
  • Asset accesses the messaging server that “never gets purged”
  • Asset “blows” into Miami or LA ethnic community
  • Scientology won’t report, won’t pursue, keeps useless files

The question isn’t whether FSB has exploited this. The question is how many times. 


IX: The FSB in London

In March 2025, three Russian-connected Bulgarians residing in the UK were convicted of spying for Russia:

Three Bulgarian nationals based in the United Kingdom have been convicted by a London jury of spying for Russia on what police said was “an industrial scale”.

The trio was accused of putting lives in danger as they followed orders on behalf of Russian intelligence to carry out surveillance across Europe on Kremlin opponents, including journalists, diplomats and Ukrainian troops.

A jury at London’s Old Bailey court on Friday found Bulgarian nationals Katrin Ivanova, 43, Vanya Gaberova, 30, and Tihomir Ivanchev, 39, guilty of spying for Russia on what police said was “an industrial scale.”

The trio engaged in a series of surveillance and intelligence operations over three years during which one of their ringleaders nicknamed them “the Minions”, a reference to the yellow sidekicks in movie, Despicable Me, who work for supervillain Gru.

The defendants – who worked for the Russian intelligence service GRU – face up to 14 years in prison when they are sentenced in May along with three other Bulgarian members of the same spy cell.

The trio’s leader, Orlin Roussev, 47, his deputy Biser Dzhambazov, 43, and co-conspirator Ivan Stoyanov had all pleaded guilty to spying for Russia shortly before the trial. 

The convictions of the Bulgarians for spying in the UK on “an industrial scale” make Scientology a logical target due to a) Scientologist John Coale’s position as one of President Trump’s attorneys and his appointment by Trump as the US Special Envoy to Ukraine and Belarus, b) allegations of Scientology money laundering via the City of London and other locations, and c) the FSB tracking Scientology’s total financial and internal information globally.


The Crown Prosecution Service issued a press release on May 12, 2025, detailing some of the sophisticated means the FSB-linked Bulgarians used:  

Given the Sea Org’s recruitment of Russians and Eastern Europeans, the FSB-Bulgarian spies would have had easy access to compromised Sea Org members, and St. Hill itself, by posing as Consular officials, family members, British authorities, inspectors, utility workers, etc.

X: Revenge and Money 

For a threat actor or ransomware group looking for vulnerable targets, the cash-rich Church of Scientology would be a high-profile target, particularly as its weakest point is the human factor: Sea Org members are paid slave wages; human trafficked; subjected to extreme punishments; fed poorly; and so on. As such, angry, stressed, and financially broken Sea Org members have every reason to seek revenge against Scientology; the family members of these oppressed, captive, and trafficked Sea Org members would share these motives for revenge. If money from a foreign intelligence service was factored in, the revenge would be that much sweeter.

In our estimate, Scientology’s Sea Org is its weakest link. Indeed, former Sea Org members who have exposed what actually goes on inside of Scientology have done enormous reputational damage to this organization over the decades.


XI: Blue Cube Security Ltd

Google Maps shows a Blue Cube Security Ltd office (geolocated at 51.107534, -0.026061) across the way from Scientology’s St. Hill location. While it is unknown if Blue Cube provides cybersecurity services to Scientology, the proximity of a Blue Cube office in the car park adjacent to St. Hill could reasonably suggest a corporate relationship. If so, Qilin would have known about Blue Cube as part of planning its breach.


XII: Scientology Bulgaria

Scientology has a location in Bulgaria which appears to be in a private residence. This would easily allow FSB infiltration into a home laptop or computer.  

L. Ron Hubbard had a plan to create a safe haven in what he called “Bulgravia.” This is a name for Bulgaria, Greece, Albania, and the former Yugoslavia. Scientology’s insane plan for a Balkan Holy Land state is reported on here.

Scientology Bulgaria’s FB page has a video in which a Scientologist is talking about demons. The FSB would view him as a useful idiot who could possibly be used to insert a USB stick into a computer; this along with other useful Scientology idiots scattered everywhere Scientology operates. 


Below: We post the material from our research notes on the Qilin Ransomware hack for our readers:

XIII: OTL Russia Goes Dark — Hungary Takes Over

When Russia designated WISE “undesirable” in 2021, OTL Russia (which managed all CSI Scientology operations) appears to have become non-operational. 

Operation & Transport Liaison (OTL): a management unit in Scientology, responsible for managing a certain part of a continent. In essence it is a small CLO.

However, due to recent arrests of WISE members in Siberia, we know that WISE operations continued in Russia. Someone was still coordinating them.

WISE Central Europe (Budapest):

  • Address: 1031 Budapest, Nánási utca 1/C
  • Representative: Imre Tóth
  • Staffed by Sea Org members
  • Serves nine languages including Russian

The wise.hu website offers materials in: Hungarian, English, Slovak, Czech, Slovenian, Croatian, Romanian, Bulgarian, and Russian.

The logical conclusion: After the 2021 designation, Russian WISE operations routed through Hungary—an EU member with Orban’s friendly relationship with Moscow, geographic proximity to Russia, and existing infrastructure for former Soviet bloc operations.

The money trail: According to sources, CLO EU (Copenhagen) handled all licensing and money flows to OTLs. This means: 

St. Hill UK (services) ←──────────────────────────→ CLO EU Copenhagen
                                                          │
                                                          │ (licensing, money)
                                                          ▼
                                                    OTL Hungary
                                                          │
                                                          ▼
                                                 Russian WISE operators
                                               (Naumenko, Stupar, others)

If the St. Hill breach accessed communications with CLO EU, or if the shared messaging server contained coordination records, FSB now has documentation of the entire pipeline.


XIV: The Arrests of Scientology WISE Members in Siberia

March 31, 2025 — Kaliningrad: FSB arrested an unnamed business trainer for conducting WISE seminars. Charged under Article 284.1 (undesirable organization activities). Faces up to 6 years imprisonment.

December 17, 2025 — Altai (Siberia): FSB officers with OMON military police detained K. Naumenko and A. Stupar on charges of recruiting business professionals “under the guise of lectures, seminars and consultations.”

Seized:

  • Cellphones
  • Laptops
  • Bank accounts
  • “Religious symbols, paraphernalia of undesirable NGOs and extremist literature”

The 13-day gap: December 4 (Qilin claim) → December 17 (arrests) = operational tempo for: exfiltration → analysis → targeting → FSB coordination → execution.

The intelligence yield: From the breach, FSB potentially has the organizational records. From the seized devices, FSB has the communications with Budapest and UK. From the interrogations, FSB has human intelligence on the network.

Both ends of the chain.


XV: The Svitlana Naumenko Question

Svitlana Naumenko appears in Auditor magazine volume 54, number 4 (November 2018) completing Class IV Auditor Internship—listed alongside other Russian/Ukrainian/Eastern European names and notably Zoltán Hódossy (Hungarian).

Is Svitlana related to the arrested K. Naumenko? Where did she train? The Auditor magazine is published by AOSH UK.


XVI: Scientology Hollywood

INCOMM assets on PAC Base and the HGB on Sunset Boulevard would be the logical ultimate hacker targets. These facilities are within walking distance of:  

  • The Ukrainian Cultural Center LA
  • The Hollywood area Russian community (strong presence)
  • Armenian Organized Crime, a syndicate with ties to the Russian mafia, is very active in Los Angeles. AOC possesses hacking skills. As such, organized crime in Hollywood and the SFV could easily provide foreign threat actors access points to Scientology’s INCOMM and OSA computer networks.

A Bitcoin.com story from July 27, 2025 written by Kevin Helms reports on a prolific Armenian hacker. Helms’ story illustrates why the cash-rich Church of Scientology is such an attractive target for ransomware attacks:


XVII: The FBI 

This counterintelligence vulnerability has been documented and reported. The FBI needs to investigate these issues further: 

  • Scientology’s R1 visa infiltration pathway
  • Zero meaningful vetting by Scientology of Russian and Eastern European Sea Org recruits
  • Known escape routes into ethnic communities
  • The FSB gaining access to Scientology’s files on US officials, high profile Scientologists, and other information OSA possesses
  • A Scientology system that cannot be fixed without exposing visa fraud

The First Amendment protects religious practice. It does not protect:

  • Visa fraud
  • Counterintelligence vulnerabilities
  • Unvetted foreign nationals with system access
  • A pathway FSB can exploit at will

Now Qilin happens. And everything documented for the FBI is playing out in real time:

  • St. Hill breached
  • Russian WISE operators arrested
  • Visa records leaked
  • The messaging server that “never gets purged” potentially compromised
  • A US Special Envoy with files in the system

XVIII: The John Coale Factor

As we reported in our previous article, John P. Coale is a veteran Washington attorney and has been a Scientologist since the early 1980s. His wife, journalist Greta Van Susteren (Newsmax), is also a Scientologist. Both have reportedly completed OT 8 — Scientology’s highest level which is delivered on the Freewinds ship.

The 2025 Timeline

| Date | Event |
|---|---|
| January 2025 | Coale represents Trump in Meta lawsuit; secures $25M settlement ($22M to Trump presidential library) |
| March 2025 | Appointed deputy special envoy to Ukraine under Keith Kellogg |
| June 2025 | Visits Minsk; secures release of 14 political prisoners including Sergei Tikhanovsky |
| September 2025 | Returns to Minsk; 52 more prisoners released; US lifts Belavia sanctions |
| November 9, 2025 | Trump announces Coale as US Special Envoy to Belarus |
| December 4, 2025 | Qilin claims Scientology breach |
| December 17, 2025 | FSB arrests Scientology executives in Siberia |
| December 2025 | Coale tells state media he discusses Russia-Ukraine war with Lukashenko; says Lukashenko’s “advice could be useful” |


XIX: What Scientology Holds on Coale and Van Susteren 

After 40+ years in Scientology and completing OT 8, Coale and Van Susteren’s files would include:

  • PC folders digitized and sent to Ethics, OSA, RTC, etc: Decades of auditing session records—confessions, sexual history, personal crises, potentially criminal admissions
  • Ethics files: Any disciplinary actions, “conditions assignments,” internal investigations
  • Knowledge Reports in RTC database: Reports filed on him by other members
  • Financial records: Donations, course purchases, IAS contributions (potentially hundreds of thousands of dollars)
  • Freewinds clearance file: Documentation of any disqualifying information reviewed before OT 8 authorization and what amends projects were assigned to dismiss those disqualifying factors
  • Bitcoin and other Crypto holdings and Scientologists involved in Crypto
  • Data on CESNUR, the Milan Org, Ticino, and other specific people and locations
  • Data on WISE businesses globally 

XX: Russia’s Long Game

The ECHR Rulings Russia Ignored

Scientology has repeatedly defeated Russia at the European Court of Human Rights:

  • 2007: ECHR rules Russia cannot ban Scientology
  • 2009: ECHR rules for Scientology branches denied registration
  • 2014: ECHR recognizes Scientology as legal entity in Russia
  • 2021: ECHR rules Hubbard’s books cannot be labeled “extremist”

Russia’s response: Ignored all rulings.

September 2021: Designated WISE and CST “undesirable”—three months after the December 2021 ECHR ruling.

2022: Russia withdrew from the Council of Europe entirely.

December 2025: FSB arrests Scientology operatives, seizes devices.

The ECHR rulings have never stopped Russia. The 2021 “undesirable” designation and December 2025 arrests are part of a sustained campaign operating entirely outside European legal constraints.


XXI: The Strategic Value

For FSB, the Qilin breach potentially provides:

| Intelligence Target | Value |
|---|---|
| High Profile Scientologists | Kompromat, pressure, asset recruitment |
| Russian WISE network | Mapping “undesirable” organization’s reach |
| Financial flows | Following the money out of Russia |
| Visa pipeline participants | Identifying who used Scientology to leave |
| US officials (Coale) | Leverage in Belarus/Ukraine negotiations |
| Organizational infrastructure | Future targeting |


Short-term: Pressure/leverage over Coale during Belarus negotiations

Medium-term: Crush remaining Scientology operations in Russia

Long-term: Kompromat files on wealthy Russians, US officials, business elite


XXII: What We Know and Don’t Know

Documented Facts

  • ✓ Qilin claimed St. Hill breach (December 4, 2025)
  • ✓ 22 screenshots published showing visa records, security budgets, financial data, Knowledge Reports
  • ✓ FSB arrested Scientology operatives in Altai (December 17, 2025)
  • ✓ FSB arrested WISE trainer in Kaliningrad (March 2025)
  • ✓ Russia designated WISE/CST “undesirable” (September 2021)
  • ✓ John Coale appointed Special Envoy to Belarus (November 9, 2025)
  • ✓ Coale is a 40+ year Scientologist who has completed OT 8
  • ✓ OTL Russia became non-operational after 2021
  • ✓ WISE Hungary operates in Russian language from Budapest
  • ✓ Ukrainian recruitment has surged since 2023

XXIII: What Sources Report

  • Scientology’s “air-gapped” systems connect through a shared messaging server
  • The server’s 30-day purge policy is not enforced
  • CLO EU (Copenhagen) handles licensing and money for OTLs
  • Russians prefer St. Hill to avoid Interpol surveillance in continental Europe
  • R1 visa escapees are not reported to immigration
  • Files are never purged
  • OSA no longer runs physical recovery teams
  • Vetting consists of Life History questionnaire (catches nothing relevant)
  • Underground boards advertise the Sea Org visa pathway

XXIV: What We Don’t Know

  • Whether Qilin accessed the shared messaging server
  • Whether Coale’s files were among compromised data
  • Whether FSB directed the attack or exploited its results
  • How many operatives may have used the infiltration pathway
  • Whether any active infiltrators remain in INCOMM positions
  • What coordination existed between St. Hill, Budapest, and Russian operatives

XXV: The Structural Problem

Scientology has created an organization where:

  1. They cannot report escapees — R1 visa scrutiny would expose the pipeline
  2. They cannot pursue escapees — Legal liability (kidnapping, stalking)
  3. They cannot purge files — Organizational doctrine prohibits it
  4. They cannot vet properly — Desperate need for bodies
  5. They cannot secure systems — Architecture degraded, server never purged
  6. They cannot close the vulnerability — Every fix exposes another problem

The FBI declined to investigate, citing First Amendment protections.

Now a Russian-linked ransomware group has exposed exactly what was documented for federal authorities years ago.


Conclusion

The Qilin attack on Scientology is not primarily a story about ransomware, or even about John Coale—though his position as Special Envoy to Belarus while holding 40 years of Scientology confessional exposure is a legitimate counterintelligence question.

This is a story about a wealth extraction and intelligence gathering operation masquerading as a religious organization:

  • Holding files on a US Special Envoy; high profile Scientologists; City of London financiers; Dubai connections; Russian oligarch money flows into Scientologist-owned businesses.
  • With an open-door infiltration pathway they cannot close
  • Connected by a “secured” network that exists only on paper
  • Protected by First Amendment concerns that paralyzed federal investigation
  • Now breached by actors with ties to Russian intelligence

Sources

Cybersecurity reporting: Cybernews, HackRead, SC Media, Zataz.com
Russian media (arrests): TASS, Izvestia
Coale background: Wall Street Journal, Kyiv Post, Kyiv Independent, Bloomberg, Washington Post, Heavy.com, St. Petersburg Times (1998)
Scientology structure: ScientologyBusiness.com, Scientology Money Project, court documents.
Communications infrastructure: Scientology Money Project, FCC filings, FMCSA SAFER database (DOT carrier records), Chuck Beatty testimony
ECHR rulings: HUDOC database, Bitter Winter
Organizational sources: Former St. Hill staff (Division 6), former WISE Hungary leadership, former INCOMM staff


This investigation is ongoing. Additional documentation may follow as sources respond.

1 reply »

  1. After Operation Snow White it is funny to see the boot on the other foot. Miscavige obviously hasn’t been paranoid enough to notice the gaps in security. Or too busy micromanaging the purchase of the road in Clearwater, the IAS event, the New Years event, etc etc etc
