Russian hackers attacked US nuclear research facilities


The group, known as Cold River, wrote to nuclear scientists at the Brookhaven, Argonne and Lawrence Livermore National Laboratories between August and September to get them to register on fake websites posing as those of their institutes.

The hackers wanted to get the passwords for the internal network of the research institutions. That’s according to recorded internet traffic verified by Reuters and five cyber security experts.

Reuters could not find out why the institutes were attacked or whether an attempted break-in was successful. According to Internet security experts and Western government officials, Cold River has escalated its hacking attacks since the invasion of Ukraine. Cold River first came to the attention of Western intelligence agencies in 2016 when the British Foreign Office was attacked. Since then, dozens of other hacks allegedly involving the group have been registered.

Cybersecurity researchers told Reuters that Cold River uses a variety of email accounts to register domain names like “goo-link.online” and “online365-office.com.” At first glance, these look like services from companies like Google and Microsoft. According to French cybersecurity firm SEKOIA.IO, Cold River also used this approach to impersonate the pages of at least three European NGOs investigating Russian war crimes in Ukraine. It remains unclear why the hackers targeted the NGOs.

Hackers made mistakes

According to specialists from the US company Google, the British defense company BAE and the US cybersecurity company Nisos, several mistakes made by Cold River have made it possible to determine the location and identity of one of its members. Several email addresses used in hacker attacks belong to Andrei Korinets, a 35-year-old IT specialist and bodybuilder in Syktyvkar, about 1,600 kilometers northeast of Moscow.

“Google has been able to link this individual to the Russian hacking group Cold River and their early attacks,” Google’s Threat Analysis Group expert Billy Leonard told Reuters. Nisos expert Vincas Ciziunas explained that Korinets appears to have been a central figure in previous hacking activities. Reuters contacted Korinets, who confirmed the email accounts but denied any knowledge of Cold River.


Source: Nachrichten
