Ukrainian hacktivists of the Cyber Resistance team, together with the InformNapalm volunteer intelligence community, have conducted a unique intelligence operation to hack the email account of the wife of the commander of the 85th Main Center of the Special Service of the Main Intelligence Directorate (GRU), military unit 26165. He is one of 12 Russian intelligence officers wanted by the FBI for interference in the U.S. elections in 2016. This hack is an important event, as the Ukrainian hacktivists have for the first time managed to obtain a photograph and some other personal documents of colonel Viktor Borisovich Netyksho, who until 2018 was in command of military unit 26165, supervising the actions of Russian hacker servicemen who committed cybercrimes against a number of countries. Netyksho was the immediate superior of another Russian hacker, lieutenant-colonel Sergey Alexandrovich Morgachev, whom the Ukrainian hacktivists had hacked earlier, causing a sensation in the Western media.
The FBI had photos of 11 officers, with the 12th and most important of them, colonel Viktor Netyksho, remaining on the FBI list without a photo, as it was impossible to obtain his photo from either OSINT or HUMINT sources.
Hacking the email account of colonel Netyksho’s wife, Oxana Sergeevna Netyksho [Rus.: – Нетыкшо Оксана Сергеевна], helped obtain the passport data, a photo and the registered residence details of the most “classified” officer of the hacker dozen wanted by the FBI.
This is InformNapalm’s exclusive publication of his photos and other documents.
Viktor Borisovich Netyksho [Rus.: – Нетыкшо Виктор Борисович], born September 8, 1966 in Chita. Russian passport: 4516565233, issued on April 4, 2016.
Registered residence: Moscow, Karamzina Ave, bldg. 1, unit 3, apt. 422. Driver’s license: 9907 777420.
According to the hacked correspondence, in 2022 the Netyksho family bought a 13 sq m non-residential property at: Moscow, Vavilova street, 4, for RUB 2,480,000; Oxana Netyksho is registered in Moscow at Vavilova street, 4, apt.198. This is probably where the family lives and buys other immovable properties for their household or other purposes.
On May 20, an InformNapalm thread with the first-ever published photo of colonel Netyksho triggered a lot of reactions and retweets in the English-language segment of Twitter among cybersecurity-minded readers who understood the significance of the event.
For example, Raphael Satter, a journalist who covers cybersecurity topics for Reuters, noted the importance of the event on his Twitter account.
Another alleged DNC hacker has had some personal info compromised by Ukrainians, this time through his wife’s email account. Not clear that much of value was stolen, but — if this is correct — we can finally put a face to the name of the lead defendant in Netyksho et al. https://t.co/wTKKv7CJoo
— Raphael Satter (@razhael) May 20, 2023
Colonel Netyksho’s ruined vacation
Although the Ukrainian hacktivists had been monitoring Oxana Netyksho’s mailbox for months (phone: 79150160345, email: [email protected]), it was not until May 20 that the information about the hacking was posted on Cyber Resistance’s and InformNapalm’s Telegram channels. This date was chosen for a reason: the next day colonel Victor Netyksho and his son Danil were supposed to fly from Moscow to his home town Chita for a vacation. The tickets were booked as far back as March.
Two hours after the information about the tickets went public, and one day before the long-planned travel, the booking was canceled. This proved that colonel Netyksho had learnt about the hacking of his wife’s email account and decided that, for the time being, it was not safe for him to fly to Chita for a vacation. The Ukrainian hacktivists predetermined the Russian colonel’s actions using the so-called “reflexive control” method.
By hacking the email account of the colonel’s wife, the Ukrainian hacktivists managed to get much more information on the Russian colonel, including his personal photo, sought by the FBI. The newly acquired information on colonel Netyksho was passed to the relevant agencies long before it was made public.