Russian hackers targeted 3 US nuclear labs

Russian hackers, going by the name of Cold River, allegedly targeted 3 American nuclear research sites during the summer of 2022. Phishing emails were sent to scientists in an attempt to obtain their passwords.

Their name is “Cold River”. According to information released on January 6, 2023, by Reuters, this team of Russian hackers reportedly targeted several nuclear research sites in the United States during the summer of 2022. Three laboratories were targeted between August and September, according to the evidence gathered by the news agency, which consists of several internet records that were also reviewed by 5 cybersecurity experts.

The targeting of these sites by hackers is said to have come as Vladimir Putin, President of the Russian Federation, made it known that Russia was ready to use nuclear weapons to defend its territory. Since Russia’s invasion of Ukraine, Cold River has reportedly stepped up its hacking attempts against Ukraine’s allies, Reuters reports.

Scientists from 3 nuclear labs were targeted by phishing

Which sites were reportedly targeted?

  • Brookhaven National Laboratory (BNL), specializing in nuclear physics, located on Long Island;
  • Argonne National Laboratory (ANL), which conducts research into nuclear energy, located west of Chicago;
  • Lawrence Livermore National Laboratory (LLNL), specializing in the development of nuclear weapons, located in California.

According to records seen by Reuters, the Cold River hackers created fake login pages for each nuclear lab. They then reportedly sent phishing emails to the scientists of these establishments, in order to encourage them to reveal the passwords they use on their institutions’ real sites. To do this, the hackers reportedly registered domain names that could deceive the scientists because they resembled those of the real sites.
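As an added, defender-side illustration (not code from the article, from Reuters, or from any of the labs), here is a small Python check of the kind a mail gateway or URL-filtering rule could apply to sender and link domains: it flags domains that imitate the labs' public domains (bnl.gov, anl.gov and llnl.gov, assumed here to be the legitimate ones) through look-alike characters, hyphenation, or embedding the real name in a subdomain. The sample domains at the bottom are constructed for the example.

```python
import unicodedata

# Legitimate registrable domains of the three labs (assumption for this example).
KNOWN_GOOD = ("bnl.gov", "anl.gov", "llnl.gov")

# Characters commonly swapped for visually similar ones in look-alike domains
# (digits for letters, plus a few Cyrillic letters that render like Latin ones).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "|": "l",
                             "а": "a", "е": "e", "о": "o", "р": "p", "с": "c"})


def normalize(domain: str) -> str:
    """Fold a domain to its 'visual' form: NFKC, confusable swaps, rn->m, vv->w."""
    d = unicodedata.normalize("NFKC", domain).translate(CONFUSABLES)
    for pair, letter in (("rn", "m"), ("vv", "w")):
        d = d.replace(pair, letter)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character typosquats of the lab name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str) -> tuple:
    """Return ('legitimate'|'lookalike'|'unrelated', matched domain)."""
    raw = candidate.lower().strip(".")
    raw_reg = ".".join(raw.split(".")[-2:])          # registrable part, e.g. bnl.gov
    if raw_reg in KNOWN_GOOD:                        # exact match on the real domain
        return ("legitimate", raw_reg)
    norm = normalize(raw)
    reg = ".".join(norm.split(".")[-2:])
    if reg in KNOWN_GOOD:                            # only equal after confusable folding
        return ("lookalike", reg)
    stem = reg.split(".")[0].replace("-", "")        # "anl-gov.com" -> "anlgov"
    best = None
    for good in KNOWN_GOOD:
        gstem, gtld = good.split(".")
        # Real name embedded in a subdomain, hyphenated, or concatenated with its TLD.
        if good in norm or good.replace(".", "-") in norm or stem == gstem + gtld:
            return ("lookalike", good)
        dist = levenshtein(stem, gstem)              # off-by-one-character stems
        if dist <= 1 and (best is None or dist < best[0]):
            best = (dist, good)
    return ("lookalike", best[1]) if best else ("unrelated", raw_reg)


# Constructed sample input; none of these are claimed to be real phishing domains.
SAMPLE_DOMAINS = ["www.bnl.gov", "bn1.gov", "login.anl-gov.com",
                  "llnl.gov.secure-login.net", "weather.com"]
```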

Image: the fake login page allegedly used by Cold River. Source: via Twitter @pearswick

The news agency says it has not discovered why these particular laboratories were targeted by Cold River. It is also unclear whether the hacker group’s attempts worked, as none of the representatives of the three nuclear sites responded to Reuters’ requests for comment.

This is not the first time that the name Cold River has been made public. The first mention of this group of hackers dates back to 2016, when they were suspected of having targeted the British Foreign Office. Cold River is thought to be linked to the Kremlin, directly supporting its intelligence operations.
