Three U.S. nuclear labs were attacked in the summer of 2022 by a Russian hacker group known as Cold River, Reuters reported on Friday, citing online data and the opinions of several cybersecurity experts. It is not clear whether the attempted cyberattacks were successful.
The Reuters agency wrote that the attacks took place between August and September last year, at a time when authorities in the Kremlin threatened to Russia could use nuclear weapons, she argued Moscow – defending your territory in context war with Ukraine.
The three national nuclear research labs targeted by hackers are Brookhaven, New York, Argonne, Illinois, and Lawrence Livermore, California. According to online records, hackers created fake login pages for each of these institutions and wrote emails to nuclear scientists to force them to reveal their passwords.
The agency presented its findings to five experts who confirmed Cold River’s involvement in attempted break-ins at nuclear laboratories. This was done based on “digital fingerprints” that the researchers linked to the group. However, Reuters was unable to determine why these labs were targeted, or whether any attempt to break into their systems was successful.
Ministry of Energy USA and other government institutions did not comment on reports of hackers’ activities.
Hacker attack during the visit of UN experts to the Zaporozhian Nuclear Power Plant
Reuters noted that, according to cybersecurity experts and Western officials, since the beginning of the Russian invasion of Ukraine the Cold River group increased its activity against the allies Kiev. Actions against US laboratories came at a time when UN experts conducted an inspection at the Zaporozhye Nuclear Power Plant in the south of Ukraine, occupied by Russian troops.
According to interviews with nine cybersecurity firms, the Cold River group – which first came onto the radar of intelligence professionals after the 2016 attack on the British Foreign Office – has been involved in dozens of other high-profile hacking attacks in recent years.
Adam Meyers, vice president of cybersecurity firm CrowdStrike, described the Cold River group as “one of the most important hacking groups.” “They are involved in directly supporting the Kremlin’s information operations,” he added.
Specialists tracked down some members of Cold River
Several mistakes made by hackers allowed specialists to identify the identities of some members of the group. Many of the e-mail addresses used by hackers in 2015-2020 belong to 35-year-old Russian Andrei Korinc, an IT worker and bodybuilder living in Syktyvkar, the main city of the Komi republic, according to Reuters.
The man told Reuters that he owned the individual accounts but denied any connection to Cold River. He said his only hacking experience was years ago when he was fined by a Russian court for a computer crime committed during a business dispute with his former client.
As reported by Reuters, it is not clear if the Russian was involved in hacking operations after 2020.
According to Western officials, according to Reuters, the Russian government is a world leader in hacking and uses the network to spy on foreign governments and industry, among other things, to gain a competitive advantage. However, Moscow has consistently denied that it has carried out such operations.
Main photo source: Shutterstock