Account Recovery

https://help.steampowered.com/en/wizard/HelpWithAccountStolen
https://support.steampowered.com/kb_article.php?ref=2347-qdfn-4366
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560

you should have received an email about the changes to your password/email. In that email is a link that allows you to lock the account, this will help reduce the damage that the hijacker can do.

the issue most people run into is they dont read and understand what is asked, they just read and assume incorrectly how to do something.

the guide will take you step by step thru the recovery process. take your time going thru the recovery process, then figure out how you gave out your log in.

Yup it's a Russian hacker.

OP visit phishing site, enter in Steam login info on fake page, then blames it's a russian hacker.

How about stop visiting phishing sites that be great starter to help protect your account. Follow what Wolf Knight posted to get your account back.

Here is the most common reason people get accounts hijack for any service really are as followed.
- Sharing account infomation with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that has keyloggers, such as cyber cafe, school computers, and etc...
- Storing your login credentials on a unsecured service that others has access to view.
- Using same login credentials for all your things, or using same login credentials on another service that had a data leak. Yes it does matter because even if it not related to Steam, if using same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

https://www.youtube.com/watch?v=9TRR6lHviQc