Russian hackers reportedly targeted US nuclear sites after Ukraine invasion

Team known as Cold River created fake login pages and emailed scientists in bid to get to their passwords; unclear if effort was successful

Illustrative: A man types on a computer keyboard as coding language is seen on the screen (gorodenkoff; iStock by Getty Images)

A team of Russian hackers targeted three nuclear research labs in the US last summer, according to a Friday Reuters report.

The hacking team known as Cold River, which is believed to be behind dozens of high-profile hacking incidents in recent years, targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according to internet records viewed by Reuters.

The news agency was unable to determine why those three labs were targeted, nor whether the hacking attempts had been successful. None of the labs or government offices involved responded to requests for comment on the story.

Cybersecurity experts told Reuters that Cold River has escalated its hacking attempts since Russia began its invasion of Ukraine last February.

The hacking attempt against US nuclear labs occurred between August and September 2022 as UN experts entered a Russian-controlled area of Ukraine to inspect the Zaporizhzhia nuclear power plant amid fears of a radiation disaster due to Russian shelling in the area.

Cold River hackers created fake login pages for the three nuclear research labs in a bid to get ahold of the passwords of employees at those facilities to gain access to their computer systems, the internet records revealed. The hackers often use email accounts and domain names that look similar to legitimate service providers, such as “goo-link.online” and “online365-office.com,” which appear to be the addresses of firms such as Google or Microsoft.

Illustrative: Russian President Vladimir Putin watches the Vostok 2022 (East 2022) military exercise in far eastern Russia, outside Vladivostok, September 6, 2022. (Mikhail Klimentyev, Sputnik, Kremlin Pool Photo via AP)

Cybersecurity experts told Reuters that Cold River had been responsible for targeting Britain’s Foreign Office in 2016 and also managed to get ahold of the emails belonging to the former head of Britain’s MI6 spy agency, leaking them to the public. Similar operations targeted government officials in Poland and Latvia, according to eastern European security officials.

In another recent espionage incident, Cold River created fake websites for three European NGOs investigating international war crimes just as a UN commission of inquiry released a report finding Russian forces responsible for human rights violations in Ukraine. Reuters did not specify whether the targeted NGOs were involved in the compiling of that commission’s report.
