APT28 or Fancy Bear, the notorious Russian hacking group known for espionage attacks, is in some trouble. Ukrainian hackers have reportedly breached the email of the APT28 leader, who is a Russian GRU senior officer and appears on the wanted list of the FBI.
What has happened?
Ukrainian cybercrime group Cyber Resistance claimed to have hacked the email, personal accounts, and social media of a Russian GRU officer, Lieutenant Colonel Sergey Alexandrovich Morgachev.
Morgachev’s accounts at the government services portal were hacked by gaining access to his personal account.
Subsequently, the hacker gang verified the data obtained previously from document scans and his current place and residence of service addresses.
The email hack allowed the hackers to extract sensitive documents along with personal information and photos, and then leak them into the public domain.
But, who is Cyber Resistance?
Cyber Resistance is the same group revealed in a previous report and had a role in a recent hack of email accounts belonging to Russian Colonel Sergey Valeriyevich Artoshchenko.
In March, the cybercriminal groups (Team OneFist and GhostSec) on both sides of the Ukraine war claimed to have infiltrated critical infrastructure networks.
In January, an Anonymous-affiliated group, GhostSec, claimed to deploy ransomware to encrypt a Belarusian remote terminal unit (RTU), a device for remote monitoring.
Post-breach activities
Criminals accessed Morgachev’s AliExpress account and goods, such as adult toys and the FBI’s logo, were ordered using his credit card. Further, his social media accounts were hacked.
The private correspondence of Morgachev was shared with InformNapalm volunteers, who released the details into the public domain.
The leaked documents included three scanned copies of personal documents, Form 4, a passport, and a fresh medical certificate required for security clearance to access classified documents.
Conclusion
The Russia-based hackers have already been targeting Ukrainian entities since the Ukraine invasion last year, and vice-versa. For Ukraine, admins are urged to keep a backup of sensitive data and don’t leave any endpoint open for Russian cybercriminals as the group will most probably come back with an attack.