The well-known Russian hacker group Cold River tried to attack American nuclear laboratories. People associated with the hacker group attempted to extract passwords from the institutions' internal networks by creating fake login screens and sending emails to their employees.
This was found out by Reuters journalists. However, the journalists failed to find out the purpose of hacking the laboratories. The US Department of Energy and the Russian embassy in Washington did not provide an answer to this question.
What is known about the hacker attack
Journalists claim that in August-September 2022, hackers from the Cold River group tried to penetrate internal networks:
- Brookhaven National Laboratory in New York State,
- Argonne National Laboratory in Chicago,
- Livermore National Laboratory in California.
All three are guided by the US Department of Energy. It is noted that the connection of attempts to attack Cold River laboratories was confirmed by 5 experts in the cybersecurity industry – hackers left digital traces. It is not known exactly what goals the hackers pursued.
What is known about Cold River
- This group supports the Kremlin's information operations.
- Cybersecurity experts associate him with Syktyvkar resident Andrey Korints.
- In order to trick people into giving their usernames and passwords, Cold River often uses phishing methods using fake sites.
Experts say that Cold River activity has increased significantly since the start of a full-scale Russian invasion of Ukraine. The first cyberattacks against American laboratories began shortly after the arrival of the UN Atomic Energy Agency (IAEA) mission to the Zaporozhye nuclear power plant, which was captured by Russian troops.
And at the end of March, Cold River hackers tried to penetrate the networks of Eastern European countries that are members of NATO. This confirms the Google report published on March 30th. These campaigns were attacked using new Gmail accounts and non-Google accounts, so the success rate of these campaigns is unknown.
