A Russian hacking group known as Cold River attacked three nuclear research laboratories in the United States last summer, according to Internet records reviewed by Reuters and five cybersecurity experts.

Russian hackers. Photo: Dreamstime.com

Cold River struck Brookhaven National Laboratory (BNL), Argonne National Laboratory (ANL), and Lawrence Livermore National Laboratory (LLNL) in August and September, at a time when President Vladimir Putin said Russia was ready to use nuclear weapons to defend its territory. The records show the hackers creating fake login pages for each institution and emailing nuclear scientists in an attempt to get them to reveal their passwords.

Reuters was unable to determine why the labs were targeted or whether any attempted intrusion was successful. A BNL spokesman declined to comment. LLNL did not respond to a request for comment. An ANL spokesman referred questions to the US Department of Energy, which declined to comment.

According to cybersecurity researchers and Western government officials, Cold River stepped up its hacking campaign against Kyiv’s allies after the invasion of Ukraine. The digital attack on US labs came as UN experts entered Russian-controlled territory in Ukraine to inspect Europe’s largest nuclear power plant and assess the risk of what both sides say could be catastrophically destructive radiation amid heavy bombing nearby.

Cold River, hackers who support the Kremlin’s information operations

Cold River, which first came onto the radar of intelligence experts after the attack on the British Foreign Office in 2016, has been involved in dozens of other high-profile hacking incidents in recent years, according to interviews with nine cybersecurity firms. Reuters linked email accounts used in hacking operations between 2015 and 2020 to an IT specialist from the Russian city of Syktyvkar.

“This is one of the biggest hacking groups you’ve never heard of,” said Adam Meyers, senior vice president of intelligence at U.S. cybersecurity firm CrowdStrike. “They are involved in direct support of the Kremlin’s information operations.”

Russia’s Federal Security Service (FSB), the domestic security agency that also conducts espionage campaigns in favor of Moscow, and the Russian Embassy in Washington did not respond to emailed requests for comment.

Western officials say the Russian government is a world leader in hacking and uses cyberespionage to spy on foreign governments and industries to gain a competitive advantage. However, Moscow constantly denies that it is conducting hacking operations.

Five industry experts confirmed to Reuters Cold River’s involvement in attempts to break into nuclear laboratories.

The US National Security Agency (NSA) declined to comment on Cold River’s activities. Britain’s Government Communications Headquarters (GCHQ), the UK equivalent of the NSA, also had no comment. The British Foreign Office declined to comment.

Cold River and spying on NGOs investigating Russian war crimes in Ukraine

In May, Cold River hacked and leaked the emails of the former head of Britain’s MI6 spy agency. It was just one of several “hack and leak” operations last year by Russian-linked hackers in which sensitive messages were released in the UK, Poland and Latvia, according to cybersecurity experts and security officials in Eastern Europe.

In another recent espionage operation against critics of Moscow, Cold River registered domain names designed to impersonate at least three European NGOs investigating war crimes, according to French cybersecurity firm SEKOIA.IO.

The hacking attempts aimed at the non-governmental organizations took place immediately before and after the publication on October 18 of a report by an independent UN commission of inquiry, which found Russian forces responsible for the “vast majority” of human rights violations in the first weeks of the war in Ukraine, which Russia calls a special military operation.

Andrii Korinets, the Cold River hacker active between 2015 and 2020

Cold River has made several mistakes in recent years that have allowed cybersecurity analysts to pinpoint the exact location and identity of one of its members, providing the clearest indication yet of the group’s Russian origins, according to experts at Internet giant Google, British defense giant BAE and the American intelligence firm Nisos.

Several personal email addresses used to set up the Cold River operations belong to Andrii Korinets, a 35-year-old IT professional and bodybuilder from Syktyvkar, about 1,600 km northeast of Moscow. The use of these accounts left a trail of digital evidence tying them to Korinets’ online presence, including social media accounts and personal websites.

Billy Leonard, a security engineer for Google’s threat analysis group, which investigates government hacking attacks, said Korinets was involved. “Google has linked this individual to the Cold River Russian hacking group and its early operations,” he said.

Vincas Ciziunas, a security researcher at Nisos who also linked Korinets’ email addresses to Cold River’s activities, said the IT specialist appeared to have been a “central figure” in the Syktyvkar hacking community historically. Ciziunas discovered a number of Russian-language Internet forums, including eZine, where Korinets discussed hacking, and shared those posts with Reuters.

In an interview with Reuters, Korinets confirmed that he owned the relevant email accounts, but denied any knowledge of Cold River. He said his only experience with hacking came years ago, when a Russian court fined him for a computer crime committed during a business dispute with a former client.

Reuters was able to separately confirm the links between Korinets and Cold River using data collected by cybersecurity research platforms Constella Intelligence and DomainTools, which help identify website owners: the data showed that Korinets’ email addresses were used to register numerous websites used in the Cold River hacking campaigns between 2015 and 2020.

It is unclear whether Korinets has been involved in hacking operations since 2020. He did not explain why those email addresses were used and did not respond to phone calls and email inquiries.