Reuters: Russian hackers tried to steal American nuclear secrets - ForumDaily
The article has been automatically translated into English by Google Translate from Russian and has not been edited.

Reuters: Russian hackers tried to steal US nuclear secrets

Last summer, a Russian hacker group known as Cold River attacked three nuclear research labs in the United States, according to Internet records viewed by Reuters and five cybersecurity experts.

Between August and September 2022, when Russian President Vladimir Putin signaled that Russia would be ready to use nuclear weapons to defend its territory, Cold River targeted Brookhaven (BNL), Argonne (ANL), and Lawrence Livermore National Laboratories (LLNL). The hackers created fake login pages for each institution and sent emails to nuclear scientists in an attempt to get them to reveal their passwords.

Reuters was unable to determine why the labs were attacked or whether the intrusion attempt was successful.

According to cybersecurity researchers and Western government officials, Cold River stepped up its hacking campaign against Kyiv's allies following Russia's invasion of Ukraine. The digital blitz against US labs came as UN experts entered Russian-controlled territory in Ukraine to inspect Europe's largest nuclear power plant, Zaporozhye, and assess the risk of what both sides say could be a devastating radiation disaster.

According to interviews with nine cybersecurity firms, Cold River first came to the attention of intelligence professionals after the attack on the UK Foreign Office in 2016. Reuters traced the email accounts used by the group in its hacking operations between 2015 and 2020 to an IT specialist in the Russian city of Syktyvkar.

"This is one of the most important hacker groups you've never heard of," said Adam Meyers, senior vice president of intelligence for U.S. cybersecurity firm CrowdStrike. “They are involved in direct support of the Kremlin’s information operations.”

Western officials say the Russian government is the world leader in hacking and uses cyber espionage to spy on foreign governments and industries to gain a competitive advantage. However, Moscow denies that it is conducting hacking operations.

Reuters presented its findings to five industry experts, who confirmed Cold River's involvement in the nuclear lab break-ins based on shared digital fingerprints that researchers commonly associate with the group.

Collection of information

In May, Cold River hackers hacked and leaked emails belonging to the former head of Britain's MI6 intelligence service. According to cybersecurity experts and security officials, this was just one of several "hack-and-leak" operations carried out last year by Russia-linked hackers, in which confidential messages were made public in the UK, Poland and Latvia.

In another recent spying operation against critics of Moscow, Cold River registered domain names impersonating at least three European non-governmental organizations (NGOs) investigating war crimes, according to French cybersecurity firm SEKOIA.IO.

The NGO-linked hacking attempts took place just before and after the October 18 release of a report by an independent UN commission of inquiry that found Russian forces responsible for the "vast majority" of human rights violations in the early weeks of the war in Ukraine.

A SEKOIA.IO blog post states that, based on its targeting of non-governmental organizations, Cold River sought to contribute to the "gathering of Russian intelligence on identified evidence related to war crimes."

The Commission on International Justice and Accountability (CIJA), a non-profit organization founded by a seasoned war crimes investigator, said it had been repeatedly attacked by Russian-backed hackers over the past eight years without success. Two other NGOs, the International Center for Nonviolent Conflict and the Center for Humanitarian Dialogue, did not respond to requests for comment.

Cold River used the following tactic, security researchers told Reuters: It tricked people into entering their usernames and passwords on fake websites in order to gain access to computer systems. To this end, Cold River has used various email accounts to register domain names such as "goo-link.online" and "online365-office.com", which at first glance appear to be legitimate services operated by firms such as Google and Microsoft.
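A defender-side check for the look-alike domain pattern described above, as an added example that is not part of the Reuters report. The brand keyword sets and allow-lists are illustrative assumptions, and only the first two sample hostnames come from the article; the rest are constructed.

```python
import re

# Assumed, illustrative brand keywords and allow-lists; tune for your own estate.
BRAND_TOKENS = {
    "google": {"goo", "google", "gmail"},
    "microsoft": {"office", "365", "microsoft", "outlook"},
}
LEGIT_DOMAINS = {
    "google": {"google.com", "goo.gl"},
    "microsoft": {"microsoft.com", "office.com", "office365.com"},
}

def registrable(host):
    """Naive registrable domain (last two labels); a real deployment
    would consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def tokens(host):
    """Break every label except the TLD into hyphen-separated words,
    then into runs of letters and runs of digits."""
    found = set()
    for label in host.lower().rstrip(".").split(".")[:-1]:
        for part in label.split("-"):
            found.add(part)
            found.update(re.findall(r"[a-z]+|\d+", part))
    return found

def lookalike_brands(host):
    """Return brands whose keywords appear in host while the host is
    not under one of that brand's allow-listed domains."""
    reg, toks = registrable(host), tokens(host)
    return sorted(b for b, words in BRAND_TOKENS.items()
                  if toks & words and reg not in LEGIT_DOMAINS[b])

# First two hostnames are quoted in the article; the rest are constructed.
SAMPLE_HOSTS = [
    "goo-link.online",
    "online365-office.com",
    "accounts.google.com",
    "login.office.com",
    "accounts.google.com.example.net",
    "example.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:35} {lookalike_brands(h) or 'ok'}")
```

Run over mail-gateway or proxy logs, a check like this surfaces hostnames that borrow a brand's vocabulary without sitting under that brand's own domains, which is the property the two domains in the article share.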

Deep ties with Russia

In recent years, Cold River has made several mistakes that have allowed cybersecurity analysts to pinpoint the exact location and identity of one of its members, providing the clearest indication of the group's Russian origins, according to experts from internet giant Google, British defense contractor BAE and the US intelligence firm Nisos.

Several of the personal email addresses used to set up Cold River operations belong to Andrey Korinets, a 35-year-old IT professional and bodybuilder from Syktyvkar. The use of these accounts has left a trail of digital evidence leading from various hacks to Korinets' online life, including social media accounts and personal websites.

Billy Leonard, a security engineer with Google's Threat Intelligence Group who investigates nation-state hacks, said Korinets was involved.

“Google connected this person to the Russian hacker group Cold River and their early operations,” he elaborated.

Vincas Ciziunas, a security researcher at Nisos, who also linked Korinets' email addresses to Cold River's activities, said the IT professional was a "central figure" in the Syktyvkar hacking community. Ciziunas discovered a number of Russian-language Internet forums, including an e-zine, where Korinets discussed hacker attacks.

Korinets confirmed that he owns the respective email accounts, but denied any knowledge of Cold River. He said his only hacking experience came years ago when he was fined by a Russian court for a computer crime committed during a business dispute with a former client.

Reuters was able to separately confirm Korinets' ties to Cold River using data collected through the cybersecurity research platforms Constella Intelligence and DomainTools, which help identify website owners: the data showed that Korinets' email addresses were used to register numerous websites used in Cold River hacking campaigns between 2015 and 2020.

It is unclear if Korinets has been involved in hacking operations since 2020. He did not explain why those email addresses were used, nor did he respond to further phone calls and email inquiries.
