Russian hackers attacked three nuclear research labs in the United States last summer, according to internet data reviewed by Reuters and five cybersecurity experts.
Between August and September, when Vladimir Putin signaled that Russia would be willing to use nuclear weapons to defend its territory, a hacking group known as Cold River targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories.
Internet records showed that the hackers created fake login pages for each institution and emailed nuclear scientists in an attempt to trick them into revealing their passwords. It was unclear why the laboratories were targeted and whether an attempted break-in was successful.
According to cybersecurity researchers and Western government officials, Cold River has escalated its hacking campaign against Kiev’s allies since the invasion of Ukraine.
The digital blitz against the US labs came as UN experts entered Russian-controlled Ukrainian territory to inspect Europe’s largest nuclear power plant and assess the risk of what both sides say could be a devastating radiation disaster amid heavy shelling nearby.
Hackers involved in dozens of attacks
Cold River, which first appeared on the radar of intelligence professionals after targeting the British Foreign Office in 2016, has been implicated in dozens of other high-profile hacking incidents in recent years, according to interviews with nine cybersecurity firms.
In May, Cold River broke into and leaked emails from the former head of Britain’s spy agency MI6. According to cybersecurity experts and Eastern European security officials, that was just one of many “hack and leak” operations by Russian-affiliated hackers last year that exposed confidential communications in Britain, Poland and Latvia.
In another recent espionage operation targeting critics of Moscow, Cold River registered domain names designed to impersonate at least three European NGOs investigating war crimes, according to SEKOIA.IO, a French cybersecurity firm.
“This is one of the most important hacking groups you’ve never heard of,” said Adam Meyer, senior vice president of intelligence at US cybersecurity firm CrowdStrike. “They are involved in direct support of the Kremlin’s information operations.”
Russia’s Federal Security Service, the internal security agency that also conducts espionage campaigns for Moscow, and the Russian embassy in Washington did not respond to requests for comment.
A Brookhaven spokesperson declined to comment. Lawrence Livermore did not respond to a request for comment. An Argonne spokesperson referred questions to the U.S. Department of Energy, which declined to comment.