From Bellingcat, a deep dive on a GRU hacker involved in multiple hacking operations. The story underscores and illuminates the fact that the GRU is involved in operations against the German parliament, the Bundestag, as well as international organizations such as the Organisation for the Prohibition of Chemical Weapons and the World Anti-Doping Agency.
It is not a “hoax” to say that Russian intelligence has targeted these Western institutions. It’s a reality, as the story of Dmitry Badin shows.
German media report that the German Federal Police has been able to link the 2015 phishing campaign and subsequent data theft to Dmitry Badin, an assumed member of GRU’s elite hacking unit 26165, better known among cyber security analysts as APT28.
The operation’s linkage to him has reportedly been made based on log analysis and “information from partner services”; however, no specific evidence of how the attribution was made has yet been made public. Dmitry Badin was already on the FBI’s wanted list over his alleged involvement in several hacking operations attributed to GRU’s APT28 unit. Among these operations was the hack of the anti-doping organization WADA while it was investigating a doping administration program, as well as the DNC hack on the eve of the US presidential elections.