Russian hackers targeted nuclear researchers at three U.S. nuclear labs last summer as Vladimir Putin threatened to use nuclear weapons to defend Russia.
The Russian hacking group known as Cold River targeted five nuclear scientists working with Brookhaven (BNL), Argonne (ANL), and Lawrence Livermore National Laboratories (LLNL), according to internet records reviewed by Reuters and five cybersecurity experts.
The attacks took place between August and September and involved creating fake login pages and emailing nuclear scientists to make them reveal their passwords.
Russian hackers targeted US nuclear labs in a new escalation of cyber attacks
The Russian hackers targeted three nuclear research laboratories in a further escalation of cyber espionage against Ukraine’s allies.
The new wave of attacks occurred as U.N. experts entered Ukrainian territory to inspect Europe’s largest nuclear power plant, Zaporizhzhia, amid what both sides described as the risk of a nuclear catastrophe.
Reuters could not determine whether Russian hackers managed to infiltrate the nuclear labs. When contacted by the international news outlet, none of the targeted nuclear labs agreed to comment on the issue. Meanwhile, Reuters traced phishing emails to a Russian IT worker in Syktyvkar.
“Hopefully all employees in our nation’s critical infrastructure are already using phishing-resistant multi-factor authentication,” said Roger Grimes, data-driven defense evangelist at KnowBe4. “That will put down a large percentage of phishing attacks, but we can expect Russian phishing campaigns to keep getting more sophisticated over time.”
Grimes advised organizations to aggressively train their employees to recognize, stop, and report phishing attacks.
The timing of the phishing attacks on US nuclear labs was significant, given Vladimir Putin’s threat to use nuclear weapons to defend all Russian territory, including areas captured from Ukraine. Russia later accused Ukraine of planning to use a “dirty bomb,” a claim western governments disputed, warning that it could be a Russian false-flag operation to justify using a tactical nuclear bomb. However, the threat has not stopped Ukrainian forces from trying to recapture all areas under Russian occupation.
It remains unclear how cyber attacks on US nuclear labs fit into a possible Russian nuclear response. Nevertheless, Russia has demonstrated its ability to coordinate cyber attacks with military strikes for maximum impact. Russian hackers’ attempts to access US nuclear labs were likely part of preparations for such a response.
The most significant Russian cyber espionage group
This isn’t the first time Russian hackers from the Cold River group have targeted government organizations in countries perceived as Russia’s adversaries. Since Cold River was first detected in 2016, after targeting Britain’s Foreign Office, multiple cybersecurity firms have attributed dozens of attacks to the group.
French cybersecurity firm SEKOIA.IO said the Cold River hacking group targeted three European NGOs investigating war crimes by registering fake domains impersonating them. The attack on the NGOs coincided with a report by a UN commission of inquiry that concluded that Russian soldiers committed human rights violations during the invasion of Ukraine.
In May 2022, Russian hackers affiliated with the Cold River group leaked secret communications of the former head of the British intelligence agency MI6.
Eastern European cybersecurity groups and government organizations said similar attacks also occurred in Poland and Latvia.