Fake websites – Russian hacker group attacked US nuclear researchers

Last summer, Russian hackers attempted to break into three US nuclear research facilities. The group, known as Cold River, wrote to nuclear scientists at Brookhaven, Argonne and Lawrence Livermore National Laboratories between August and September, trying to get them to log in to their institutes' systems through bogus websites.

According to research by the Reuters news agency, the hackers wanted to get their hands on the passwords for the internal networks of the research institutions. This is evident from recorded internet traffic that Reuters and five cybersecurity experts reviewed. Reuters was unable to determine why the institutions were attacked or whether any attempted break-in was successful.

Hacker attacks have increased since the war in Ukraine
According to internet security experts and Western government officials, Cold River has escalated its hacking attacks since the invasion of Ukraine. Cold River first came to the attention of Western intelligence services in 2016, when the British Foreign Office was attacked. Since then, dozens of other hacks allegedly involving the group have been recorded.

Cybersecurity experts told Reuters that Cold River uses several email accounts to register domain names such as “goo-link.online” and “online365-office.com”. At first glance, these look like the domains of services from companies such as Google and Microsoft.
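As an added example (not part of the article or of Reuters' research), the following Python check flags lookalike registrations of the kind described above when run over web-proxy logs. The allow-list, the brand tokens, the log format and the log lines are constructed for illustration; the two flagged domains are the ones named in the article.

```python
import re
# Constructed allow-list of legitimate brand domains the organisation expects to see.
KNOWN_GOOD = {"google.com", "microsoft.com", "office.com", "live.com"}
# Constructed list of brand fragments that often appear in impersonating names.
BRAND_TOKENS = ("google", "goo-", "microsoft", "office", "365", "outlook")

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-misses such as 'microsft'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels; no public-suffix list, so 'example.co.uk' is not handled."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def lookalike_reasons(host: str) -> list[str]:
    """Why a host looks like a brand impersonation; [] if it does not."""
    dom = registrable(host)
    if dom in KNOWN_GOOD:          # exact match with a legitimate domain
        return []
    sld = dom.split(".")[0]
    reasons = [f"contains brand token '{t}'" for t in BRAND_TOKENS if t in sld]
    for good in sorted(KNOWN_GOOD):
        if 0 < levenshtein(sld, good.split(".")[0]) <= 2:
            reasons.append(f"within 2 edits of '{good}'")
    return reasons

LOG_LINE = re.compile(r"user=(\S+) host=(\S+)")  # constructed proxy-log format

def scan_proxy_log(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """(user, host, reasons) for every log line whose host looks like an impersonation."""
    hits = []
    for m in filter(None, map(LOG_LINE.search, lines)):
        user, host = m.groups()
        if reasons := lookalike_reasons(host):
            hits.append((user, host, reasons))
    return hits

# Constructed proxy log; the two flagged registrations are the ones named in the article.
SAMPLE_LOG = [
    "2022-08-14T10:02:11Z user=alice host=mail.google.com",
    "2022-08-14T10:05:43Z user=bob host=goo-link.online",
    "2022-09-02T08:17:09Z user=carol host=online365-office.com",
    "2022-09-02T08:20:30Z user=dave host=login.microsft.com",
]
```

Token matching is deliberately noisy (any name containing "office" is reported), so in practice the output feeds an analyst queue or a domain-age lookup rather than an automatic block.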

Simulated websites of at least three NGOs
Cold River also used this technique to impersonate the websites of at least three European non-governmental organizations (NGOs) investigating Russian war crimes in Ukraine, according to the French cybersecurity company SEKOIA.IO. It remains unclear why the hackers targeted the NGOs.

According to specialists from the American group Google, the British defense company BAE and the American cybersecurity company Nisos, several mistakes by Cold River made it possible to determine the location and identity of one of its members. Several email addresses used in the hacking attacks belong to Andrei Korinets, a 35-year-old IT specialist and bodybuilder in Syktyvkar, about 1,000 miles northeast of Moscow.

“Google was able to link this person to the Russian hacking group Cold River and their early attacks,” expert Billy Leonard told Reuters. Nisos expert Vincas Ciziunas explained that Korinets appears to have been a central figure in previous hacking activities. Reuters contacted Korinets, who confirmed the email accounts but denied any knowledge of Cold River.

Source: Krone
