Cold River, a Russian hacking collective, targeted three US nuclear research laboratories. Brookhaven, Argonne and Lawrence Livermore National Laboratories were all hit.
Between August and September, Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according to Reuters. Internet records showed the hackers creating fake login pages for each institution and emailing nuclear scientists in a bid to make them reveal their passwords. However, it is unclear why the labs were targeted or whether any of the attempts were successful.
Email accounts and domain names used by the hackers often look convincing, such as “goo-link.online” and “online365-office.com,” which appear to be addresses belonging to organizations such as Google or Microsoft.
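The lookalike domains quoted above are the kind of indicator a mail gateway or SOC can screen for before a credential-phishing link ever reaches a scientist's inbox. The following is an added example, not code from the article or from any of the organisations it names: a small heuristic that flags sender or link domains whose labels imitate a watched brand, either by reusing a brand keyword (“online365-office.com”), by truncating one (“goo-link.online”), or by a one-character typo. The brand watchlist, the allowlist of genuine domains and the sample inputs are all constructed for this example.

```python
"""Heuristic lookalike-domain triage (added example; watchlist and samples are constructed)."""
import re

# Constructed watchlist: lowercase keyword -> brand it stands for.
BRAND_KEYWORDS = {
    "google": "Google",
    "gmail": "Google",
    "microsoft": "Microsoft",
    "office": "Microsoft 365",
    "office365": "Microsoft 365",
    "outlook": "Microsoft 365",
}

# Constructed, deliberately short allowlist of domains the brands really own.
LEGITIMATE_DOMAINS = {"google.com", "microsoft.com", "office.com", "outlook.com"}

MIN_PREFIX_LEN = 3   # "goo" is accepted as a truncation of "google"
MIN_TYPO_LEN = 5     # only compare longer labels for one-character typos, to limit false positives


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_legitimate(domain: str) -> bool:
    """True when the domain is an allowlisted brand domain or a subdomain of one."""
    return domain in LEGITIMATE_DOMAINS or any(
        domain.endswith("." + ok) for ok in LEGITIMATE_DOMAINS
    )


def check_domain(domain: str):
    """Return {'brand': ..., 'reason': ...} if the domain looks like a brand
    impersonation, or None if nothing suspicious is found."""
    d = domain.lower().strip(".")
    if is_legitimate(d):
        return None
    # Split into labels on dots and hyphens: "online365-office.com" -> online365, office, com
    for tok in re.split(r"[.\-]+", d):
        if not tok:
            continue
        for kw, brand in BRAND_KEYWORDS.items():
            if tok == kw:
                return {"brand": brand,
                        "reason": f"label '{tok}' reuses the {brand} keyword '{kw}'"}
            if len(tok) >= MIN_PREFIX_LEN and kw.startswith(tok):
                return {"brand": brand,
                        "reason": f"label '{tok}' is a truncation of '{kw}' ({brand})"}
            if len(tok) >= MIN_TYPO_LEN and levenshtein(tok, kw) == 1:
                return {"brand": brand,
                        "reason": f"label '{tok}' is a one-character typosquat of '{kw}' ({brand})"}
    return None


def triage(domains):
    """Run check_domain over a batch and keep only the flagged ones."""
    return [(dom, hit) for dom in domains if (hit := check_domain(dom))]


if __name__ == "__main__":
    # Constructed sample: the two domains named in the article plus benign controls
    # and one constructed typosquat.
    samples = ["goo-link.online", "online365-office.com", "google.com",
               "mail.google.com", "example.org", "micros0ft.com"]
    for dom, hit in triage(samples):
        print(f"FLAG {dom}: {hit['reason']}")
```

A check like this belongs in the mail gateway's link and sender inspection, or as a daily sweep over newly observed domains in proxy logs; the allowlist has to be maintained, since a real brand subdomain that is missing from it will be reported as a false positive.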
Spokespersons for Brookhaven and Lawrence Livermore National Laboratories declined to comment, while a spokesperson for the Argonne National Laboratory referred questions to the US Department of Energy which in turn declined to comment as well.
The Cold River Hacking Group
In the wake of Russia’s invasion of Ukraine on February 24, Cold River has intensified its hacking campaigns against Western allies. The group first appeared on the radar of intelligence officials in 2016 when it targeted Britain’s Foreign Office. In recent years, as Cybernews reports, Cold River has been involved in several high-profile hacking incidents.
Reuters was able to connect emails used by the group from 2015 to 2020 to an IT professional and bodybuilder, Andrey Korinets, based in Syktyvkar. In an interview with Reuters, Korinets said he was responsible for the emails but denied any knowledge of the Cold River hacking group.
However, a security engineer on Google’s Threat Analysis Group, Billy Leonard, said Google had identified Korinets as being active in Cold River.
Furthermore, Adam Meyer, senior vice president of intelligence at the US cybersecurity firm CrowdStrike, told Reuters:
“This is one of the most important hacking groups you’ve never heard of. They are involved in directly supporting Kremlin information operations.”
Russia’s Federal Security Service (FSB) did not respond to requests for comment, nor did the Russian embassy in Washington, the US National Security Agency (NSA) or the British Foreign Office.
Previous Cold River Attacks
In May of last year, Cold River hacked and began leaking the emails of the former head of the UK’s MI6, the country’s foreign intelligence agency.
It was one of several incidents in the UK, Latvia and Poland, according to officials in Eastern Europe and cyber security experts.
Cold River has also targeted three European NGOs that are investigating war crimes, according to French cybersecurity firm SEKOIA.IO, whose researchers concluded that Cold River’s hacking campaign sought to aid Russian intelligence collection about identified war crime-related evidence and/or international justice procedures.