A Russian hacking group known as Cold River has been linked to an attempt to hack three nuclear research labs in the United States this past summer, according to internet records and five cybersecurity experts who spoke with news reporters.
Between August and September, as President Vladimir Putin indicated that Russia would be willing to use nuclear weapons to defend its territory, Cold River targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories.
The group created fake login pages for each institution and emailed nuclear scientists in an attempt to obtain their passwords. It is currently unknown why the labs were targeted or if the attempted intrusion was successful. A spokesperson for Brookhaven declined to comment, Lawrence Livermore did not respond to a request for comment, and a spokesperson for Argonne referred questions to the U.S. Department of Energy, which also declined to comment.
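The campaign described above relied on spoofed login pages reached through emailed links, so a useful defender-side check is to compare the hosts users actually clicked against an allowlist of the organisation's real sign-on hosts and flag look-alikes. The following is an added example, not code from the article or from any of the labs named in it; the allowlist, the confusable-character table and the log lines are all constructed for illustration, and the domain names in them are hypothetical.

```python
"""Flag look-alike login hosts in clicked-URL logs (added example; constructed data)."""
from urllib.parse import urlsplit

# Constructed allowlist of an organisation's real single-sign-on hosts (hypothetical names).
# Kept as a sorted tuple so results are deterministic.
LEGITIMATE_LOGIN_HOSTS = ("login.example-lab.gov", "sso.another-lab.gov")

# Characters and digraphs commonly substituted to imitate a legitimate domain.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(host: str) -> str:
    """Lower-case a host and collapse common look-alike substitutions."""
    host = host.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def registrable_domain(host: str) -> str:
    """Last two labels of a host (simplification: assumes a one-label public suffix)."""
    return ".".join(host.lower().split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to spot typosquatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'legitimate', 'suspicious' or 'unknown'."""
    host = host.lower().rstrip(".")
    if host in LEGITIMATE_LOGIN_HOSTS:
        return "legitimate", "allowlisted host"
    reg = registrable_domain(host)
    for legit in LEGITIMATE_LOGIN_HOSTS:
        legit_reg = registrable_domain(legit)
        if reg == legit_reg:
            return "legitimate", f"subdomain of {legit_reg}"
        if normalize(host) == normalize(legit):
            return "suspicious", f"homoglyph of {legit}"
        if 1 <= levenshtein(reg, legit_reg) <= 2:
            return "suspicious", f"typosquat of {legit_reg}"
        brand = legit_reg.split(".")[0].replace("-", "")
        if brand in host.replace("-", "").replace(".", ""):
            return "suspicious", f"impersonates {legit_reg} under unrelated domain {reg}"
    return "unknown", "not related to any allowlisted host"


# Constructed proxy / mail-gateway log lines: "<timestamp> <user> <clicked url>".
SAMPLE_LOG = """\
2022-08-15T09:12:03Z scientist1 https://login.example-lab.gov/auth
2022-08-15T09:14:41Z scientist2 https://login.examp1e-lab.gov/auth
2022-08-15T10:02:17Z scientist3 http://example-lab.gov.secure-login.net/sso/index.html
2022-08-16T07:45:00Z scientist1 https://docs.python.org/3/
2022-08-16T08:30:55Z scientist4 https://sso.another-lab.gov/
"""


def scan_log(text: str) -> list[tuple[str, str, str, str]]:
    """Return (user, host, verdict, reason) for every clicked URL that is not legitimate."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the sweep
        _, user, url = parts
        host = urlsplit(url).hostname or ""
        verdict, reason = classify_host(host)
        if verdict != "legitimate":
            findings.append((user, host, verdict, reason))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(*finding)
```

The homoglyph and edit-distance checks catch hosts built to resemble the real one, while the brand-token check catches the other common pattern, where the real domain is buried as a subdomain of an unrelated registrable domain. Hosts that match nothing are reported as "unknown" rather than dropped, so a reviewer still sees where credentials-bearing sessions went; in production the allowlist would come from the identity provider's configuration and the public-suffix handling would use a real suffix list.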
Cold River has escalated its hacking campaigns against Ukraine’s allies since Russia’s invasion of Ukraine, according to cybersecurity researchers and western government officials.
The group has been involved in dozens of other high-profile hacking incidents in recent years, and experts traced email accounts used in its operations between 2015 and 2020 to an IT worker in the Russian city of Syktyvkar.
Adam Meyers, the senior vice president of intelligence at U.S. cybersecurity firm CrowdStrike, described Cold River as “one of the most important hacking groups you’ve never heard of” and stated that the group is “involved in directly supporting Kremlin information operations.”
The Russian Federal Security Service (FSB) and Russia’s embassy in Washington did not respond to requests for comment on Cold River’s activities. Western officials have claimed that the Russian government is a global leader in hacking and uses cyber espionage to spy on foreign governments and industries for a competitive advantage.
However, Moscow has consistently denied that it carries out hacking operations. The U.S. National Security Agency (NSA) declined to comment on Cold River, and Britain’s Global Communications Headquarters (GCHQ) and foreign office also did not comment.