Heimdal

Cold River, a Russian hacking collective, targeted three US nuclear research laboratories. Brookhaven, Argonne and Lawrence Livermore National Laboratories were all hit.

Between August and September Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according to Reuters. Internet records showed the hackers creating fake login pages for each institution and emailing nuclear scientists in a bid to make them reveal their passwords. However, it is unclear why the labs were targeted or if any of the attempts were successful.

Email accounts and domain names used by the hackers often look convincing, such as “goo-link.online” and “online365-office.com,” which appear to be the addresses of organizations such as Google or Microsoft.
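One way a mail gateway or proxy could surface sender and login-page domains of this kind, added here as an illustration rather than anything from Heimdal or Reuters. The brand allowlist and sample domains (including "micros0ft-login.com") are constructed, and the registrable-domain logic is deliberately naive (last two labels only):

```python
import re

# Constructed allowlist: registrable domains each brand legitimately uses.
BRAND_DOMAINS = {
    "google": {"google.com", "goo.gl", "gmail.com"},
    "microsoft": {"microsoft.com", "office.com", "office365.com",
                  "outlook.com", "live.com"},
}

def registrable_domain(host):
    """Naive eTLD+1: the last two labels (ignores suffixes such as co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalike(host):
    """Return the brand `host` appears to impersonate, or None.

    A domain is suspicious when it is not on any allowlist but one of the
    hyphen-separated parts of its leading label equals a label a brand
    genuinely uses ("goo", "office"), or is within edit distance 1 of a
    longer brand label ("micros0ft")."""
    rd = registrable_domain(host)
    if any(rd in allowed for allowed in BRAND_DOMAINS.values()):
        return None  # genuine brand domain
    parts = [p for p in rd.split(".")[0].split("-") if p]
    for brand, allowed in BRAND_DOMAINS.items():
        brand_labels = {d.split(".")[0] for d in allowed}
        for part in parts:
            for lbl in brand_labels:
                # Short labels ("goo") must match exactly to avoid noise.
                if part == lbl or (len(lbl) > 4 and edit_distance(part, lbl) <= 1):
                    return brand
    return None

# Constructed sample of sender domains seen by a gateway.
SAMPLE_HOSTS = ["goo-link.online", "online365-office.com",
                "accounts.google.com", "micros0ft-login.com"]
flagged = {h: flag_lookalike(h) for h in SAMPLE_HOSTS}
```

Substring heuristics like this produce false positives on ordinary words, so the result should feed a review queue or a warning banner rather than an automatic block.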

Spokespersons for Brookhaven and Lawrence Livermore National Laboratories declined to comment, while a spokesperson for the Argonne National Laboratory referred questions to the US Department of Energy which in turn declined to comment as well.

The Cold River Hacking Group

In the wake of Russia’s invasion of Ukraine on February 24, Cold River has intensified its hacking campaigns against Western allies. The group first appeared on the radar of intelligence officials in 2016 when it targeted Britain’s Foreign Office. In recent years, as Cybernews reports, Cold River has been involved in several high-profile hacking incidents.

Reuters was able to connect emails used by the group from 2015 to 2020 to an IT professional and bodybuilder, Andrey Korinets, based in Syktyvkar. In an interview with Reuters, Korinets said he was responsible for the emails but denied any knowledge of the Cold River hacking group.

However, a security engineer on Google’s Threat Analysis Group, Billy Leonard, said Google had identified Korinets as being active in Cold River.

Furthermore, the senior vice president of intelligence at US cybersecurity firm CrowdStrike, Adam Meyer, told Reuters:

This is one of the most important hacking groups you’ve never heard of. They are involved in directly supporting Kremlin information operations.

Source

Russia’s Federal Security Service (FSB) did not respond to requests for comment, nor did the Russian embassy in Washington or even the US National Security Agency (NSA) or the British Foreign Office.

Previous Cold River Attacks

In May of last year, Cold River hacked and began leaking the emails of the former head of the UK’s MI6, the country’s foreign intelligence agency.

It was one of several incidents in the UK, Latvia and Poland, according to officials in Eastern Europe and cyber security experts.

Cold River has also targeted three European NGOs that are investigating war crimes, according to French cybersecurity firm SEKOIA.IO, whose researchers concluded that Cold River’s hacking campaign sought to aid Russian intelligence collection about identified war crime-related evidence and/or international justice procedures.


Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.
