Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Russian APT28 hacker accused of the NATO think tank hack in Germany

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO […]

spyware Germany Russia German Officials

The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28.

The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany. The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU.

The arrest is the result of an investigation conducted by the Federal Criminal Police Office (BKA) and the Federal Police. According to Spiegel, the Federal Public Prosecutor has obtained an arrest warrant for Kozachek from the Federal Court of Justice.

German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015.

Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization.

“According to the findings of German investigators, Kozachek is said to have penetrated the IT system of the NATO think tank in Kalkar, not far from the Dutch border, in spring 2017. He is said to have installed malware there that has a so-called “keylogger” function, i.e. it records every keystroke and also secretly creates and sends screenshots of the computer screen.” reported the Tagesschau website.

The hacker compromised at least two systems and got access to internal information from NATO, however at this time it is not clear the extent of the attack.

The investigators believe the Russia-linked APT28 group has hit around 1,000 targets as a part of a cyber espionage campaign, which involved the use of the “X-Agent” implant.

“The German investigators were also able to secure the content of the Russian’s email accounts, who are said to have used Apple user accounts, among other things. This gave them access to all sorts of private documents and photos, including photos that are said to show awards and uniforms of the Russian military intelligence service GRU.” continues the post.

The German police are now searching for Kozachek along with another Russian hacker, Dimitri Badin, who is responsible for the Bundestag hack.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, APT28)

[adrotate banner=”5″]

[adrotate banner=”13″]