The world’s most wanted cybercriminal was found by Ukrainian hackers

Ukrainian hacktivists from the Cyber Resistance organization hacked the email of Lieutenant Colonel Sergei Aleksandrovich Morgachev, an officer of the Russian Main Intelligence Directorate and curator of the Russian hacker group APT 28. IT specialists provided dumps of his private correspondence to the international intelligence community InformNapalm.

APT 28 (other common names are Fancy Bear, Pawn Storm) is one of the most famous hacker groups of the terrorist state, which is accused of many cybercrimes around the world. The organization is directly subordinated to Russian military intelligence. The cybercriminals have hacked government and civilian facilities in the United States, Germany, Italy, Latvia, Estonia, the Czech Republic, Poland, Norway, the Netherlands, Ukraine, and others.

According to InformNapalm researchers, back in July 2018, the US Department of Justice published an official indictment against 12 GRU employees accused of hacking into the servers of the US Democratic Party and attempting to interfere in the US elections. Among the 12 names listed in the document is Lieutenant Colonel Sergei Morgachev.

Interestingly, hacktivists of the Cyber Resistance found a letter from Apple in 2018 on Morgachev’s email [email protected]. In it, the company’s service center informed the criminal that the FBI was demanding disclosure of information because Morgachev was put on the international wanted list.

Ukrainian hackers also published Morgachev’s biography. As it turned out, he is a native of Kyiv, Ukraine. However, the criminal later moved to Russia, where he studied at the FSB Academy. Then he served in the military unit 26 165. He is considered a citizen of Russia. According to the documents, he has access to state secrets.

From August 2022 to the present, Morgachev has been working as a «Software Engineer of the 1st category» at SPECIAL TECHNOLOGICAL CENTER LLP. His questionnaire also contains the actual address of his place of service: 21, Gzhatskaya St., St. Petersburg, apartment 53.

SPECIAL TECHNOLOGICAL CENTER LLC (STC) is an enterprise that plays an important role in ensuring the armed aggression of the Russian Federation against Ukraine. According to the official website of the NAPC of Ukraine, this organization has already been sanctioned by the United States, the United Kingdom, Canada, Switzerland, Japan, the EU and Ukraine.

Activists from InformNapalm also said that in 2015−2016, Russian hackers from APT 28 repeatedly tried to send phishing emails to the team of volunteers. However, all attempts were unsuccessful. Instead, the Russians' actions led to the disclosure of planned cyberattacks by Russian hackers. The most high-profile hack of the time was the hacking of the US Democratic Party servers. Finally, in March 2023, the organizer of APT 28, Lieutenant Colonel Serhiy Morgachev, was hacked by Ukrainian hacktivists.

«Cyber Resistance handed over a full dump of Morgachev’s correspondence and personal files for publication to the media, the FBI, and anyone interested in the case.

The full investigation by Ukrainian activists is available here .