Reuters: russian hackers attacked American nuclear scientists
A series of cyberattacks against American laboratories engaged in the study of nuclear energy was carried out by the Cold River group. This group is connected to the kremlin.
Rubryka reports this, citing Reuters.
"This is one of the most important hacker groups you've never heard of. They are directly supporting the kremlin's information operations," Adam Meyers, senior vice president of intelligence at the American cyber security firm CrowdStrike, told the publication.
As Reuters notes, citing five well-known experts, last summer a russian hacking group known as Cold River attacked three nuclear research laboratories in the United States at once. This is evidenced by documents reviewed by the agency and by cyber security experts. Specifically, between August and September, Cold River carried out cyber attacks on Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratory (LLNL). Reuters was unable to find out why exactly these laboratories were attacked or whether the attempted intrusions were successful. However, industry experts have confirmed Cold River's involvement in the attempts to hack the nuclear labs based on common digital "fingerprints" that researchers have historically associated with the group.
"According to data about visits to the servers, hackers created fake login pages and sent emails to nuclear scientists trying to get them to reveal their passwords," the agency said.
According to experts, Cold River uses deception tactics, luring people into entering their usernames and passwords on fake websites in order to gain access to computer networks. To do this, Cold River used various email accounts to register domain names such as goo-link.online and on365-office.com, which at first glance look like normal email addresses.
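The defensive counterpart to the technique described above is triage of newly observed domains for resemblance to the brands whose sign-in pages staff actually use. The following script is an added example, not code from Reuters, Rubryka or any of the firms quoted; the brand list, lure words, allow-list, thresholds and the constructed set of observed domains are all assumptions. It flags the two domains named in the article (on365-office.com for embedding a protected brand name, goo-link.online for combining a truncated brand prefix with a lure word) and also covers a plain typosquat, which the article does not show.

```python
"""Look-alike domain triage for a mail-gateway or DNS log feed (added example).

Every list and threshold below is an illustrative assumption for a defender to
adapt; none of it is taken from the reporting on Cold River.
"""
import re
from difflib import SequenceMatcher

# Assumption: brands whose login pages the organisation's staff use.
PROTECTED_BRANDS = ["google", "office", "microsoft", "outlook"]

# Assumption: generic words that phishing domains pair with a brand fragment.
LURE_WORDS = {"link", "login", "signin", "secure", "account", "verify", "auth", "mail"}

# Assumption: genuine domains (and their subdomains) that must never be flagged.
KNOWN_GOOD = {"google.com", "office.com", "microsoft.com", "outlook.com"}

# Constructed sample of "newly seen" domains, including the two named in the article.
OBSERVED_DOMAINS = [
    "google.com", "mail.google.com", "example.org",
    "goo-link.online", "on365-office.com", "gooogle-login.net",
]


def registrable_label(domain: str) -> str:
    """Label left of the TLD. Naive: 'google.co.uk' yields 'co'; a production
    version should consult the public suffix list instead."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_tokens(label: str) -> list[str]:
    """Split 'on365-office' into ['on', '365', 'office'] (letters and digit runs)."""
    return re.findall(r"[a-z]+|\d+", label.lower())


def lookalike_score(domain: str) -> tuple[int, list[str]]:
    """Return (score, reasons); 0 means no resemblance to a protected brand.

    Per brand, the strongest single signal counts once:
      3  the whole brand name is embedded in a non-allow-listed domain
      2  a token is one or two edits away from the brand (typosquat)
      2  a truncated brand prefix (>= 3 chars) sits next to a lure word
    """
    domain = domain.lower().strip(".")
    if any(domain == g or domain.endswith("." + g) for g in KNOWN_GOOD):
        return 0, ["allow-listed"]
    label = registrable_label(domain)
    tokens = label_tokens(label)
    alpha = [t for t in tokens if t.isalpha()]
    lures = LURE_WORDS & set(alpha)
    score, reasons = 0, []
    for brand in PROTECTED_BRANDS:
        if brand in label.replace("-", "").replace("_", ""):
            score += 3
            reasons.append(f"contains brand '{brand}'")
            continue
        for tok in alpha:
            if len(tok) >= 4 and SequenceMatcher(None, tok, brand).ratio() >= 0.8:
                score += 2
                reasons.append(f"'{tok}' is a typosquat of '{brand}'")
                break
            if len(tok) >= 3 and tok != brand and brand.startswith(tok) and lures:
                score += 2
                reasons.append(
                    f"brand prefix '{tok}' of '{brand}' with lure word(s) {sorted(lures)}")
                break
    return score, reasons


def triage(domains: list[str]) -> list[tuple[str, int, list[str]]]:
    """Return flagged domains, highest score first, for analyst review."""
    flagged = []
    for d in domains:
        score, reasons = lookalike_score(d)
        if score > 0:
            flagged.append((d, score, reasons))
    return sorted(flagged, key=lambda row: -row[1])


if __name__ == "__main__":
    for domain, score, reasons in triage(OBSERVED_DOMAINS):
        print(f"{score:2d}  {domain:22s} {'; '.join(reasons)}")
```

The scores are deliberately coarse: the point is to surface a short list for an analyst who can then check certificate transparency, WHOIS age and whether the domain hosts a login form, not to block on the heuristic alone. Feeding it the registration feed or the DNS resolver log rather than inbound mail catches domains before the first message arrives.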
According to cyber security researchers and representatives of Western governments, Cold River stepped up its hacking campaign against Ukraine's allies after russia's invasion. The attacks on the American laboratories came just after UN experts arrived at the russian-occupied Zaporizhzhia nuclear power plant to assess in person the risk of a devastating radiation disaster caused by heavy shelling around the plant.
Hacking attempts also took place in mid-October, when a report by an independent UN commission of inquiry was published, which found that russian forces were responsible for the "vast majority" of human rights violations in the first weeks of the invasion of Ukraine.
Reuters recalls that, according to nine cyber security companies, Cold River first came to the attention of intelligence services after the attack on the British Foreign Office in 2016. In another recent espionage operation targeting kremlin critics, Cold River registered domain names impersonating at least three European NGOs investigating war crimes in Ukraine, according to the French cybersecurity firm SEKOIA.
In recent years, according to experts, Cold River has made several mistakes that allowed cyber security analysts to establish the exact location and identity of one of its participants — an IT worker from the russian city of Syktyvkar. This provided a clear indication of the group's russian origin, on which experts from Google, the British defense contractor BAE and the American intelligence company Nisos agree.
"Western officials say that the russian government is a world leader in hacking and uses cyber espionage to monitor foreign governments and industries to gain a competitive advantage. However, moscow has consistently denied that it is conducting hacking operations," the agency states.
Reference
More than 1,500 cyberattacks have been registered and investigated in Ukraine since the beginning of russia's full-scale invasion. Most of them originate from the aggressor country.