21 June 2022

Germany indicts Russia-linked APT28 hacker who targeted NATO think tank



German authorities have issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”), who is accused of carrying out cyber-espionage operations against a NATO think tank in Germany on behalf of the Russian military intelligence service.

According to German officials, Kozachek compromised the IT systems of the Joint Air Power Competence Center, a think tank in North Rhine-Westphalia, in April 2017 and planted the X-Agent spyware on the organization’s computers. The hacker is said to have compromised at least two systems and gained access to internal information from NATO; however, the extent of the attack is not clear at this time.

Established in 2005, the Joint Air Power Competence Center (JAPCC) is focused on the development of strategic / operational leadership and operational principles for the joint use of air and space by NATO and the JAPCC nations.

The investigators linked the 32-year-old Russian national to an advanced persistent threat group known as APT28 (or Fancy Bear), which is believed to have ties to the GRU military intelligence agency, German news outlet Der Spiegel said. APT28 was previously linked to the attack on the IT system of the German Bundestag in the spring of 2015.

Officials also said they found evidence that, besides the JAPCC, the APT28 group attacked around 1,000 other targets.

