Germany indicts Russia-linked APT28 hacker who targeted NATO think tank

German authorities have issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”), who is accused of carrying out cyber-espionage operations against a NATO think tank in Germany on behalf of the Russian military intelligence service.

According to German officials, Kozachek compromised the IT systems of the Joint Air Power Competence Center, a think tank in North Rhine-Westphalia, in April 2017 and planted the X-Agent spyware on the organization’s computers. The hacker is said to have compromised at least two systems and gained access to internal information from NATO; however, the extent of the attack is not clear at this time.

Established in 2005, the Joint Air Power Competence Center (JAPCC) is focused on the development of strategic / operational leadership and operational principles for the joint use of air and space by NATO and the JAPCC nations.

The investigators linked the 32-year-old Russian national to an advanced persistent threat group known as APT28 (or Fancy Bear), which is believed to have ties to the GRU military intelligence agency, German news outlet Der Spiegel said. APT28 was previously linked to the attack on the IT system of the German Bundestag in the spring of 2015.

Officials also said they found evidence that, besides the JAPCC, the APT28 group attacked around 1,000 other targets.

