21 June 2022

Germany indicts Russia-linked APT28 hacker who targeted NATO think tank


Germany indicts Russia-linked APT28 hacker who targeted NATO think tank

German authorities have issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) accused of carrying out cyber-espionage operations against a NATO think tank in Germany on behalf of the Russian military intelligence service.

According to German officials, Kozachek compromised the IT systems of the Joint Air Power Competence Center, a think tank in North Rhine-Westphalia in April 2017, and planted the X-Agent spyware on the organization’s computers. The hacker is said to have compromised at least two systems and gained access to internal information from NATO, however, at this time the extent of the attack is not clear.

Established in 2005, the Joint Air Power Competence Center (JAPCC) is focused on the development of strategic / operational leadership and operational principles for the joint use of air and space by NATO and the JAPCC nations.

The investigators linked the 32-year-old Russian national to an advanced persistent threat group known as APT28 (or Fancy Bear) believed to have ties to the GRU military intelligence agency, German news outlet Der Spiegel said. APT 28 was previously linked to the attack on the IT system of the German Bundestag in the spring of 2015.

Officials also said they found evidence that besides the JAPCC the APT28 group attacked around 1,000 other targets.


Back to the list

Latest Posts

Researchers uncovered undetectable malware linked to Russia's APT

Researchers uncovered undetectable malware linked to Russia's APT

According to a recent report published by Palo Alto Networks, new piece of malware currently evades 56 antivirus products.  
6 July 2022
New ransomware operation RedAlert puts victims on a "board of shame"

New ransomware operation RedAlert puts victims on a "board of shame"

At this point, only one victim is listed on the RedAlert’s data leak website, indicating that the development is very new.
6 July 2022
Microsoft silently issued a fix for ‘ShadowCoerce’ NTLM Relay attack

Microsoft silently issued a fix for ‘ShadowCoerce’ NTLM Relay attack

Despite patching the flaw, Microsoft hasn’t provided any details about it and assigned a CVE ID yet.
6 July 2022