Russian APT28 hacker accused of the NATO think tank hack in Germany

Pierluigi Paganini June 20, 2022

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28.

The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany. The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU.

The arrest is the result of an investigation conducted by the Federal Criminal Police Office (BKA) and the Federal Police. According to Spiegel, the Federal Public Prosecutor has obtained an arrest warrant for Kozachek from the Federal Court of Justice.

German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015.

Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization.

“According to the findings of German investigators, Kozachek is said to have penetrated the IT system of the NATO think tank in Kalkar, not far from the Dutch border, in spring 2017. He is said to have installed malware there that has a so-called “keylogger” function, i.e. it records every keystroke and also secretly creates and sends screenshots of the computer screen.” reported the Tagesschau website.

The hacker compromised at least two systems and got access to internal information from NATO, however at this time it is not clear the extent of the attack.

The investigators believe the Russia-linked APT28 group has hit around 1,000 targets as a part of a cyber espionage campaign, which involved the use of the “X-Agent” implant.

“The German investigators were also able to secure the content of the Russian’s email accounts, who are said to have used Apple user accounts, among other things. This gave them access to all sorts of private documents and photos, including photos that are said to show awards and uniforms of the Russian military intelligence service GRU.” continues the post.

The German police are now searching for Kozachek along with another Russian hacker, Dimitri Badin, who is responsible for the Bundestag hack.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit:

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, APT28)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment