21 June 2022

Germany indicts Russia-linked APT28 hacker who targeted NATO think tank


Germany indicts Russia-linked APT28 hacker who targeted NATO think tank

German authorities have issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) accused of carrying out cyber-espionage operations against a NATO think tank in Germany on behalf of the Russian military intelligence service.

According to German officials, Kozachek compromised the IT systems of the Joint Air Power Competence Center, a think tank in North Rhine-Westphalia in April 2017, and planted the X-Agent spyware on the organization’s computers. The hacker is said to have compromised at least two systems and gained access to internal information from NATO, however, at this time the extent of the attack is not clear.

Established in 2005, the Joint Air Power Competence Center (JAPCC) is focused on the development of strategic / operational leadership and operational principles for the joint use of air and space by NATO and the JAPCC nations.

The investigators linked the 32-year-old Russian national to an advanced persistent threat group known as APT28 (or Fancy Bear) believed to have ties to the GRU military intelligence agency, German news outlet Der Spiegel said. APT 28 was previously linked to the attack on the IT system of the German Bundestag in the spring of 2015.

Officials also said they found evidence that besides the JAPCC the APT28 group attacked around 1,000 other targets.


Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024