A group of Russian hackers known as Cold River hit three national nuclear research laboratories in the United States. The episode took place last summer, between August and September, on the same days that Vladimir Putin threatened to use nuclear weapons to defend Russia's territory. The facilities targeted by the cybercriminals, the same ones that have launched multiple cyberattacks on Kyiv since the start of the war in Ukraine, are Brookhaven, Argonne, and Lawrence Livermore.
The Russian hacker attack
News of the attempted cyberattack was published by Portal, according to which the hackers created fake login pages and sent emails to nuclear scientists in an attempt to steal their passwords. We do not know why the labs were attacked, nor whether any of the break-in attempts were successful. A spokesman for the Brookhaven laboratory declined to comment. Lawrence Livermore did not respond to a request for comment. A spokesman for Argonne referred questions to the US Department of Energy, which declined to comment.
What is certain is that Cold River has stepped up its hacking campaign against Kyiv's allies after the outbreak of war in Ukraine. The digital blitz on the US laboratories in particular happened as United Nations experts entered Ukrainian territory captured by Russia to inspect Europe's largest nuclear power plant and assess the risk of a possible devastating radioactive catastrophe caused by heavy bombing nearby.
Cold River
Cold River, which first came onto the radar of intelligence experts after targeting the British Foreign Office in 2016, has been involved in dozens of other high-profile hacking incidents over the past few years. Portal traced the email accounts used in the group's hacking operations between 2015 and 2020 and discovered they were linked to an IT worker in the Russian city of Syktyvkar.
“This is one of the biggest hacking groups you’ve never heard of,” said Adam Meyer, senior vice president of intelligence at US cybersecurity firm CrowdStrike. “They are in direct support of the information operations of the Kremlin.” Russia’s Federal Security Service (FSB), the internal security agency that also runs spy campaigns for Moscow, and the Russian Embassy in Washington have not commented on the matter.
Cyber espionage
Western officials say the Russian government is a world leader in hacking and uses cyber espionage to spy on foreign governments and industries to gain a competitive advantage. However, Moscow has consistently denied conducting such operations. Portal showed its findings to five industry experts, who confirmed Cold River’s involvement in the hacking attempts at the US nuclear labs, based on shared fingerprints that researchers have linked to the group.
The precedents are emblematic. Last May, Cold River leaked emails from the former head of the British spy service MI6. But this was just one of numerous recent “hack and leak” operations by Russia-linked hackers, which saw the release of several classified notices in the UK, Poland and Latvia. In another espionage operation, the group registered domain names intended to harm at least three European non-governmental organizations investigating alleged Russian war crimes.
However, Cold River has made several missteps in recent years that have allowed cybersecurity analysts to pinpoint the precise location and identity of one of its members, providing the clearest clue to the group’s Russian origins.