
Russian hackers targeted 3 US nuclear research labs: report

January 6, 2023

The hacking team, known as Cold River, reportedly targeted three US nuclear research laboratories. The Brookhaven, Argonne and Lawrence Livermore National Laboratories were all targeted by the group, Reuters reported.

[Image: A hacker at a computer. Caption: Cold River is one of the most significant hacking groups to emerge from Russia in recent years. Image: Jakub Porzycki/NurPhoto/picture alliance]

A team of Russian hackers known as Cold River targeted three prominent US nuclear research laboratories last summer, Reuters reported Friday.

The report is supported by the findings of five cybersecurity experts.

Reuters reported that the Argonne, Brookhaven and Lawrence Livermore National Laboratories were targeted by the group.

Internet records reveal the hackers' attempts to create fake login pages for the three laboratories. The group then emailed nuclear scientists in an effort to trick them into revealing their passwords.

It is unclear why the labs were targeted or if any of the attempts were successful.

Spokespersons for Brookhaven and Lawrence Livermore National Laboratories declined to comment to Reuters. A spokesperson for the Argonne National Laboratory referred questions to the US Department of Energy which in turn declined to comment as well.

What is the Cold River hacking group?

Cold River has stepped up its hacking campaigns against Western allies of Ukraine following Russia's invasion on February 24 of last year.

The effort against US nuclear research laboratories occurred as UN experts entered Russian-held Ukrainian territories to inspect the Russian-occupied Zaporizhzhia nuclear plant. The UN was on site to assess what fallout there could be from an accident resulting from nearby shelling.

The group first appeared on the radar of intelligence officials in 2016 when it targeted Britain's Foreign Office. In recent years, Cold River has been involved in several high-profile hacking incidents, nine cybersecurity firms told Reuters.

Russian cyberespionage comes to Germany

Reuters was able to connect emails used by the group from 2015 to 2020 to an IT professional and bodybuilder, Andrey Korinets, based in Syktyvkar, about 1,300 kilometers (800 miles) northeast of Moscow.

In an interview with Reuters, Korinets said he was responsible for the emails but disavowed any knowledge of the Cold River hacking group.

A security engineer on Google's Threat Analysis Group, Billy Leonard, said Google had identified Korinets as being active in Cold River.

The senior vice president of intelligence at US cybersecurity firm CrowdStrike, Adam Meyer, told Reuters, "This is one of the most important hacking groups you've never heard of."

Meyer added, "They are involved in directly supporting Kremlin information operations."

Russia's Federal Security Service (FSB) did not respond to Reuters' request for comment. The FSB is a domestic intelligence body that also carries out foreign hacking operations.

The Russian embassy in Washington also did not answer a request for comment. Nor did the US National Security Agency (NSA) or the British Foreign Office.

What else is Cold River responsible for?

In May of last year, Cold River hacked and began leaking the emails of Sir Richard Dearlove, the former head of the UK's MI6, the country's foreign intelligence agency.

It was one of several hack-and-dump incidents in the UK, Latvia and Poland, according to officials in Eastern Europe and cybersecurity experts, Reuters reported.

Cold River has also targeted three European NGOs that are investigating war crimes, French cybersecurity firm SEKOIA.IO said, according to Reuters.

While Reuters said it could not confirm that the NGOs were targeted, the French firm said Cold River's hacking campaign sought to aid "Russian intelligence collection about identified war crime-related evidence and/or international justice procedures."

ar/aw (Reuters)