The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”), who is accused of having carried out a cyber espionage attack against the NATO think tank Joint Air Power Competence Center in Germany. The attack took place in April 2017, and the man is accused of conducting it for the Russian military intelligence service GRU.
The arrest is the result of an investigation conducted by the Federal Criminal Police Office (BKA) and the Federal Police. According to Spiegel, the Federal Public Prosecutor has obtained an arrest warrant for Kozachek from the Federal Court of Justice.
“According to the findings of German investigators, Kozachek is said to have penetrated the IT system of the NATO think tank in Kalkar, not far from the Dutch border, in spring 2017. He is said to have installed malware there that has a so-called “keylogger” function, i.e. it records every keystroke and also secretly creates and sends screenshots of the computer screen,” reported the Tagesschau website.
The investigators believe the Russia-linked APT28 group has hit around 1,000 targets as a part of a cyber espionage campaign, which involved the use of the “X-Agent” implant.
“The German investigators were also able to secure the content of the Russian’s email accounts, who are said to have used Apple user accounts, among other things. This gave them access to all sorts of private documents and photos, including photos that are said to show awards and uniforms of the Russian military intelligence service GRU,” continues the post.
(SecurityAffairs – hacking, APT28)