According to Reuters research, Russian hackers tried to break into three American nuclear research facilities last summer. The group, known as Cold River, wrote to nuclear scientists at the Brookhaven, Argonne and Lawrence Livermore National Laboratories between August and September to get them to register with their institutes on fake websites.

The hackers wanted to get the passwords for the internal network of the research institutions. That’s according to recorded internet traffic verified by Reuters and five cyber security experts.

Reuters could not find out why the institutes were attacked or if an attempted break-in was successful. According to Internet security experts and Western government officials, Cold River has escalated its hacking attacks since the invasion of Ukraine.

In 2016, the hackers attacked the British Foreign Office

Cold River first came to the attention of Western intelligence agencies in 2016 when the British Foreign Office was attacked. Since then, dozens of other hacks allegedly involving the group have been registered.

Experts researching cybersecurity told Reuters that Cold River uses a variety of email accounts to register domain names like “goo-link.online” and “online365-office.com.” At first glance, these looked like services from companies like Google and Microsoft.

According to French cybersecurity firm SEKOIA.IO, Cold River also used this method to impersonate the pages of at least three European NGOs investigating Russian war crimes in Ukraine. It remains unclear why the hackers targeted the NGOs.

According to specialists from the US company Google, the British defense company BAE and the US cybersecurity company Nisos, several mistakes made by Cold River have made it possible to determine the location and identity of one of its members. Several email addresses used in hacker attacks belong to Andrei Korinets, a 35-year-old IT specialist and bodybuilder in Syktyvkar, about 1,600 kilometers northeast of Moscow.

“Google has been able to link this individual to the Russian hacking group Cold River and their early attacks,” Google’s Threat Analysis Group expert Billy Leonard told Reuters. Nisos expert Vincas Ciziunas explained that Korinets appears to have been a central figure in previous hacking activities. Reuters contacted Korinets, who confirmed the email accounts but denied any knowledge of Cold River. (by James Pearson and Christopher Bing, Reuters)
