© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


Russian hackers targeted 3 US nuclear research labs

The Russian hacking collective known as Cold River reportedly targeted three US nuclear research laboratories. The Brookhaven, Argonne and Lawrence Livermore National Laboratories were all targeted by the group, Reuters reports.

The activity reportedly took place last summer, and Reuters says its findings were corroborated by five cyber security experts.

Internet records seen by Reuters reveal the hackers' attempts to create fake login pages for the three laboratories. The group then emailed nuclear scientists in an effort to trick them into revealing their passwords. It is unclear why the labs were targeted or if any of the attempts were successful.

The hackers often use email accounts and domain names that imitate legitimate service providers, such as “goo-link.online” and “online365-office.com,” which are meant to pass at a glance for addresses belonging to firms such as Google or Microsoft.
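The lookalike-domain technique described above lends itself to a simple triage check. The following Python is an added example, not code from the article or from Reuters' reporting: it takes a sender address, strips the domain, and flags three patterns seen in credential-phishing infrastructure: a provider brand token embedded in an unrelated domain (the pattern of the two domains quoted above), digit-for-letter homoglyphs, and a brand label on the wrong suffix or one edit away from the real one. The allowlist of legitimate provider domains, the brand-token list, the homoglyph table and the sample addresses other than the two from the article are assumptions constructed for this example.

```python
import re

# Constructed allowlist of the providers' real domains (assumption for this example).
LEGITIMATE_DOMAINS = {
    "google.com", "gmail.com", "microsoft.com", "office.com",
    "office365.com", "outlook.com", "live.com",
}

# Brand tokens an attacker is likely to embed in a lookalike domain (assumption).
BRAND_TOKENS = {"google", "goo", "gmail", "microsoft", "office", "365", "outlook", "o365"}

# Digits commonly swapped for letters in lookalike labels (assumption).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def levenshtein(a, b):
    """Plain edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain of an e-mail address, a 'Name <user@host>' header, or a bare host."""
    return address.rstrip(" >").rsplit("@", 1)[-1].lower().rstrip(".")


def classify(address):
    """Return (kind, detail) findings for a sender; an empty list means nothing suspicious."""
    domain = sender_domain(address)
    if domain in LEGITIMATE_DOMAINS:
        return []

    findings = []
    labels = domain.split(".")

    # Tokenise every label below the public suffix on hyphens and letter/digit boundaries,
    # so "online365-office" becomes {"online", "365", "office"} and "goo-link" {"goo", "link"}.
    tokens = set()
    for label in labels[:-1]:
        tokens.update(re.findall(r"[a-z]+|\d+", label))
    hits = sorted(tokens & BRAND_TOKENS)
    if hits:
        findings.append(("brand-token", ", ".join(hits)))

    # Compare the second-level label with each real provider label after undoing
    # digit-for-letter substitutions.
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    normalised = sld.translate(HOMOGLYPHS)
    for legit in sorted(LEGITIMATE_DOMAINS):
        legit_sld = legit.split(".")[0]
        if normalised == legit_sld:
            if sld == legit_sld:
                findings.append(("tld-swap", f"{sld!r} on a suffix other than {legit}"))
            else:
                findings.append(("homoglyph", f"{sld!r} normalises to {legit}"))
        elif levenshtein(normalised, legit_sld) <= 1:
            findings.append(("typo", f"{sld!r} is one edit from {legit}"))
    return findings


if __name__ == "__main__":
    # Constructed sample senders; the first two domains are the ones named in the article.
    for addr in ("alerts@goo-link.online", "admin@online365-office.com",
                 "it@micros0ft.com", "Help Desk <support@google.co>", "colleague@example.org"):
        print(addr, "->", classify(addr) or "no finding")
```

The check is deliberately conservative: an exact allowlist hit short-circuits everything, brand tokens are only counted in labels below the suffix, and the edit-distance threshold is 1 so that unrelated short words do not collide with provider labels. In a mail pipeline the findings would feed a quarantine or banner decision rather than a hard block, since a distance-1 match alone is weak evidence.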

Spokespersons for Brookhaven and Lawrence Livermore National Laboratories declined to comment to Reuters. A spokesperson for the Argonne National Laboratory referred questions to the US Department of Energy which in turn declined to comment as well.

What is the Cold River hacking group?

Cold River has stepped up its hacking campaigns against Western allies of Ukraine since Russia's invasion of Ukraine on February 24, 2022.

The effort against the US nuclear research laboratories coincided with UN experts entering Russian-held Ukrainian territory to inspect the Russian-occupied Zaporizhzhia nuclear plant. The UN team was on site to assess the potential fallout from an accident caused by nearby shelling.

The group first appeared on the radar of intelligence officials in 2016 when it targeted Britain's Foreign Office. In recent years, Cold River has been involved in several high profile hacking incidents, nine cybersecurity firms told Reuters.

Reuters was able to connect emails used by the group from 2015 to 2020 to an IT professional and bodybuilder, Andrey Korinets, based in Syktyvkar, about 1,300 kilometers (800 miles) northeast of Moscow.

In an interview with Reuters, Korinets said he was responsible for the emails but disavowed any knowledge of the Cold River hacking group.

However, a security engineer on Google's Threat Analysis Group, Billy Leonard, said Google had identified Korinets as being active in Cold River.

Adam Meyers, senior vice president of intelligence at US cybersecurity firm CrowdStrike, told Reuters, "This is one of the most important hacking groups you've never heard of."

Meyers added, "They are involved in directly supporting Kremlin information operations."

Russia's Federal Security Service (FSB) did not respond to Reuters' request for comment. The FSB is a domestic intelligence body that also carries out foreign hacking operations.

The Russian embassy in Washington also did not answer a request for comment. Nor did the US National Security Agency (NSA) or the British Foreign Office.

What else is Cold River responsible for?

In May of last year, Cold River hacked and began leaking the emails of Sir Richard Dearlove, the former head of the UK's MI6, the country's foreign intelligence agency.

It was one of several hack-and-leak incidents in the UK, Latvia and Poland, according to officials in Eastern Europe and cyber security experts, Reuters reported.

Cold River has also targeted three European NGOs that are investigating war crimes, French cybersecurity firm SEKOIA.IO said, according to Reuters.

While Reuters said it could not confirm that the NGOs were targeted, the French firm said Cold River's hacking campaign sought to aid "Russian intelligence collection about identified war crime-related evidence and/or international justice procedures."
