The group, known as Cold River, emailed nuclear scientists at the Brookhaven, Argonne and Lawrence Livermore National Laboratories between August and September in an attempt to lure them into logging in to their institutions' systems through fake websites.
The hackers' aim was to obtain passwords for the research institutions' internal networks. That is according to recorded internet traffic verified by Reuters and five cybersecurity experts.
Reuters could not determine why the institutes were targeted or whether any attempted break-in succeeded. According to internet security experts and Western government officials, Cold River has escalated its hacking activity since Russia's invasion of Ukraine. Cold River first came to the attention of Western intelligence agencies in 2016, when the British Foreign Office was attacked. Dozens of other hacks allegedly involving the group have been documented since then.
Cybersecurity researchers told Reuters that Cold River uses a variety of email accounts to register lookalike domain names such as "goo-link.online" and "online365-office.com", which at first glance resemble services from companies like Google and Microsoft. According to the French cybersecurity firm SEKOIA.IO, Cold River used the same technique to impersonate the websites of at least three European NGOs investigating Russian war crimes in Ukraine. It remains unclear why the hackers targeted the NGOs.
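The lookalike-domain technique described above is detectable with a simple heuristic: strip a hostname down to its registrable name, split it into tokens, and flag any token that matches or closely resembles a protected brand, especially when it sits next to a lure word such as "link" or "login". The following Python is an added example written for this article; it is not code from Reuters, Google, SEKOIA.IO or any other party named here. The brand list, lure list, allowlist, public-suffix table and the benign sample domains are all constructed assumptions; only "goo-link.online" and "online365-office.com" come from the report.

```python
"""Heuristic detection of brand-impersonating (lookalike) domains.

Added example for this article, not code from any party it names.
All lists below are constructed assumptions, not authoritative data.
"""
import re
from difflib import SequenceMatcher

# Brand keywords an attacker is likely to embed in a phishing domain (assumed list).
PROTECTED_BRANDS = {
    "google": ("google", "gmail", "gsuite"),
    "microsoft": ("microsoft", "office", "365", "outlook", "onedrive", "sharepoint"),
}
# Words that mean nothing alone but are typical of credential-harvesting lures (assumed list).
LURE_TOKENS = {"login", "signin", "secure", "verify", "link", "online", "account", "auth", "portal"}
# Registrable domains the brands actually own; never flagged (assumed, incomplete list).
LEGITIMATE_DOMAINS = {"google.com", "gmail.com", "microsoft.com", "office.com", "outlook.com", "live.com"}
# Two-label public suffixes; a real deployment would use the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def split_registrable(fqdn):
    """Return (registrable name, public suffix), e.g. 'accounts.google.com' -> ('google', 'com')."""
    labels = fqdn.lower().rstrip(".").split(".")
    n = 2 if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    suffix = ".".join(labels[-n:])
    name = labels[-n - 1] if len(labels) > n else ""
    return name, suffix


def tokenize(name):
    """Split on separators, then additionally split letters from digits ('online365' -> 'online', '365').
    Both tokenizations are kept so 'micros0ft' survives as one token."""
    raw = [t for t in re.split(r"[^a-z0-9]+", name.lower()) if t]
    split = [part for t in raw for part in re.findall(r"[a-z]+|[0-9]+", t)]
    return set(raw) | set(split)


def brand_similarity(token, keyword):
    """Score 0..1 for how strongly a domain token evokes a brand keyword."""
    if token == keyword:
        return 1.0
    if len(keyword) >= 5 and keyword in token:          # 'googledocs'
        return 0.9
    if len(token) >= 3 and keyword.startswith(token):   # 'goo' -> 'google'
        return 0.5
    ratio = SequenceMatcher(None, token, keyword).ratio()  # 'micros0ft' -> 'microsoft'
    return ratio if ratio >= 0.8 and len(token) >= 5 else 0.0


def assess_domain(fqdn):
    """Score one hostname; flagged when a strong brand hit exists or a weaker hit is paired with a lure word."""
    name, suffix = split_registrable(fqdn)
    registrable = f"{name}.{suffix}"
    if registrable in LEGITIMATE_DOMAINS:
        return {"domain": registrable, "flagged": False, "brand": None, "score": 0.0, "reasons": ["allowlisted"]}
    tokens = tokenize(name)
    best_brand, best_score, best_token = None, 0.0, None
    for brand, keywords in PROTECTED_BRANDS.items():
        for keyword in keywords:
            for token in tokens:
                score = brand_similarity(token, keyword)
                if score > best_score:
                    best_brand, best_score, best_token = brand, score, token
    lures = sorted(tokens & LURE_TOKENS)
    reasons = []
    if best_score:
        reasons.append(f"token '{best_token}' resembles {best_brand} ({best_score:.2f})")
    if lures:
        reasons.append("lure tokens: " + ", ".join(lures))
    flagged = best_score >= 0.9 or (best_score >= 0.5 and bool(lures))
    return {"domain": registrable, "flagged": flagged, "brand": best_brand if flagged else None,
            "score": round(best_score, 2), "reasons": reasons}


def scan(domains):
    """Return the assessments that were flagged, for feeding into a blocklist or alert queue."""
    return [r for r in (assess_domain(d) for d in domains) if r["flagged"]]


if __name__ == "__main__":
    # First two domains are from the report; the rest are constructed for the demo.
    sample = ["goo-link.online", "online365-office.com", "accounts.google.com",
              "goodfood-recipes.net", "micros0ft-login.com", "sharepoint-portal.co.uk"]
    for hit in scan(sample):
        print(f"{hit['domain']:28} {hit['brand']:10} {hit['score']:.2f}  {'; '.join(hit['reasons'])}")
```

The allowlist matters: without it, the brand's own domains score 1.0 and drown real hits, so in practice the check is run only on domains that are not already known-good (newly registered domains, certificate-transparency feeds, or sender domains seen in mail logs).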
Hackers made mistakes
According to specialists from the US company Google, the British defense company BAE and the US cybersecurity company Nisos, several mistakes made by Cold River made it possible to determine the location and identity of one of its members. Several email addresses used in the attacks belong to Andrei Korinets, a 35-year-old IT specialist and bodybuilder in Syktyvkar, about 1,600 kilometers northeast of Moscow.
“Google has been able to link this individual to the Russian hacking group Cold River and their early attacks,” Google’s Threat Analysis Group expert Billy Leonard told Reuters. Nisos expert Vincas Ciziunas explained that Korinets appears to have been a central figure in previous hacking activities. Reuters contacted Korinets, who confirmed the email accounts but denied any knowledge of Cold River.