Ukrainian hacktivist group Cyber Resistance claims to have hacked the email, social media, and personal accounts of Russian GRU officer Lieutenant Colonel Sergey Alexandrovich Morgachev, leader of APT28, also known as Pawn Storm and Fancy Bear.
APT28 reports directly to the Russian military intelligence agency and has carried out cyberattacks against high-profile entities in various countries, including the USA, Italy, Germany, Estonia, The Netherlands, Czech Republic, Norway, Poland, and Ukraine. The group made headlines during the 2016 US elections after hacking the servers of the US Democratic Party.
The hacktivists gained access to Morgachev’s personal account on the Russian government services portal, used it to confirm the data they had previously obtained from document scans, including his current residence and place-of-service addresses, and accessed his AliExpress account, where they ordered goods in his name and paid with his bank card, including souvenirs featuring the FBI’s logo and adult toys.
The compromised documents included three scanned copies of Morgachev’s personal documents, including his Form 4 and passport, as well as a recent medical certificate dated 13 December 2022, required for the security clearance that grants access to classified documents.
The information was shared with a volunteer intelligence community called InformNapalm. The hacktivists shared Morgachev’s private correspondence with InformNapalm volunteers, who then released the data into the public domain.
This incident highlights the increasing threat posed by Cyber Resistance and other Ukrainian hacktivist groups to Russia’s critical infrastructure, government, and non-government entities.
Morgachev is wanted by the Federal Bureau of Investigation (FBI) for his involvement in devastating cybercrimes worldwide. APT28 was also involved in phishing attacks against the authorities investigating the MH17 crash and was accused of posing as ISIS to send death threats to US army wives in 2018.
The incident further suggests that Ukrainian hacktivist groups, such as Cyber Resistance, pose a growing threat to Russian entities, which could lead to further escalation of cyber conflict between the two countries.