“Made in Europe” password manager Passwork turns out to be Russian
“This is far more effective than a plane or a bomb.”

Image by Cybernews
- Passwork markets itself as European, but investigators found it was developed in Russia and later moved to Spain.
- Russian state-linked users include Gazprom, Transneft, the Ministry of Defense, and the Federal Security Service.
- Experts warn technical similarities between Russian and European versions could expose European clients to cyber risks.
- Passwork says its European business uses German servers and does not share systems or customer data with Russia.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Passwork, a password vault company with ties to Russia, has been used by critical European enterprises and government agencies, posing cybersecurity risks.
A joint investigation by the media outlets Investico, NU.nl, De Groene Amsterdammer, Le Monde, and De Tijd sheds light on the origins of the Spain-based password manager Passwork.
On its English-language website, Passwork positions itself as a Finnish company founded in 2017 that recently relocated its headquarters to Barcelona, according to the Investico report, which Cybernews machine-translated.
The password vault is marketed as “made in the EU” and claims to comply with the bloc’s privacy and cybersecurity laws.
“Developed in Europe, with full GDPR and NIS2 compliance and data sovereignty,” the website reads.
In reality, however, Passwork was developed in Russia in 2014, and the company was transferred to Spain following Russia's invasion of Ukraine.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
However, the Russian software version is still available in the country, where it is used by major state-owned enterprises, such as energy giants Gazprom and Transneft.
The Russian Ministry of Defense and the Federal Security Service (FSB) are also among Passwork’s users, the investigation finds.
Bart van den Berg, a head of the security unit at the Clingendael Institute, told Investico that Russian links could give the Kremlin “extensive insight into the software and its vulnerabilities.”
In addition, because of technical similarities between the European and Russian versions of Passwork, Moscow could exploit software flaws to target European companies.
The software also found its clients among critical European enterprises, including major Dutch solar parks operator Novar, a French port operator, and Irish government agencies.
According to van den Berg, Novar is an attractive target for hostile foreign powers like Russia, because gaining control over its solar panels could trigger a large-scale power outage in the Netherlands.
“This is far more effective than a plane or a bomb,” he tells Investico.
Passwork’s CEO, Alexander Muntyan, told investigators that the company obtained a license to sell Passwork in Europe through a UAE-based entity run by the Russian founders.
Muntyan says it uses Germany-based servers and doesn’t share any “servers, customer data, or other systems” with the Russian company.
This isn’t the first time European software has come under fire due to ties to Russia.
Euro-Office, launched in June 2026 as a European alternative to Microsoft 365 and Google Docs, has stirred controversy for being a fork of OnlyOffice.
The company behind OnlyOffice is currently registered in Latvia, but the software originated in Russia, raising questions about Euro-Office’s sovereignty claims and potential vulnerabilities.