Germany indicts Russia-linked APT28 hacker who targeted NATO think tank

German authorities have issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) accused of carrying out cyber-espionage operations against a NATO think tank in Germany on behalf of the Russian military intelligence service.

According to German officials, Kozachek compromised the IT systems of the Joint Air Power Competence Center, a think tank in North Rhine-Westphalia, in April 2017 and planted the X-Agent spyware on the organization’s computers. The hacker is said to have compromised at least two systems and gained access to internal information from NATO; however, the extent of the attack is not yet clear.

Established in 2005, the Joint Air Power Competence Center (JAPCC) is focused on the development of strategic / operational leadership and operational principles for the joint use of air and space by NATO and the JAPCC nations.

The investigators linked the 32-year-old Russian national to an advanced persistent threat group known as APT28 (or Fancy Bear), which is believed to have ties to the GRU military intelligence agency, German news outlet Der Spiegel said. APT28 was previously linked to the attack on the IT system of the German Bundestag in the spring of 2015.

Officials also said they found evidence that, besides the JAPCC, the APT28 group attacked around 1,000 other targets.

