The Russian hacker group "Cold River" targeted three nuclear technology laboratories in the United States last summer and tried to phish their login passwords.

Schematic diagram of hacking activities. (Reuters file photo)

[Compiler Guan Shuping/Comprehensive Report] Reuters exclusively reported on the 6th that the Russian hacker group "Cold River" targeted three nuclear technology laboratories in the United States last summer, attempting to phish login credentials and break into the laboratories' systems. The attacks came at a time when Russian President Vladimir Putin was threatening to use nuclear weapons to defend Russian territory.

Reuters reviewed online records and the statements of five cybersecurity experts to reveal the matter.

The report pointed out that while Putin was threatening to use nuclear weapons against the West in August and September last year, "Cold River" was targeting the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore (LLNL) national laboratories, creating fake login pages and sending them to nuclear scientists at those laboratories in an attempt to phish their login passwords.

However, Reuters could not determine why the labs were targeted or whether the hackers' attempts to break in were successful.

Spokespersons for the three national laboratories either declined to comment, did not respond, or referred reporters to the Department of Energy.


"Cold River" first drew the attention of intelligence professionals after it attacked the British Foreign Office in 2016; in recent years it has been involved in dozens of well-known hacking incidents.

"This is one of the most important hacker groups you've never heard of before," said Adam Meyers, vice president of intelligence at U.S. security firm CrowdStrike. "They're involved in information operations that directly support the Kremlin."

Security researchers said that "Cold River" uses fake websites to trick people into entering account names and passwords. To that end, it uses many email accounts to register domain names such as "goo-link[.]online" and "online365-office[.]com", which at first glance look like websites operated by legitimate companies such as Google and Microsoft.
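One defensive check that a mail or DNS log pipeline can run against the kind of lure domains described above, written here as an added example (not code from the report or from any of the firms it cites); the brand list, the allowlist and the scoring thresholds are assumptions chosen for illustration, and the two page domains are scored alongside constructed benign and typosquat inputs:

```python
import re

# Brand names the lure domains on this page imitate (Google, Microsoft Office 365).
BRAND_TOKENS = ("google", "gmail", "microsoft", "office", "outlook", "onedrive", "sharepoint")
# Registrable domains those brands really use (assumption: a short allowlist for illustration).
ALLOWLIST = {"google.com", "gmail.com", "microsoft.com", "office.com", "outlook.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats such as 'gogle'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_score(domain):
    """Return (score, reasons); score >= 2 means 'treat as a brand lookalike'.
    Only the registrable part (last two labels) is scored, so a real brand domain
    with extra subdomains is not penalised, and allowlisted brand domains score 0."""
    labels = domain.lower().strip(".").split(".")
    registrable = ".".join(labels[-2:])
    if registrable in ALLOWLIST:
        return 0, []
    second_level = labels[-2] if len(labels) >= 2 else labels[0]
    score, reasons = 0, []
    # Lure domains glue a brand fragment to filler with hyphens or digits ("online365-office").
    if re.search(r"[-\d]", second_level):
        score += 1
        reasons.append("hyphen/digit filler")
    # Split on that filler and compare each word-like part against the brand list.
    for part in filter(None, re.split(r"[-\d]+", second_level)):
        for brand in BRAND_TOKENS:
            if part == brand:
                score += 3; reasons.append(f"brand token '{brand}'"); break
            if len(part) >= 5 and edit_distance(part, brand) == 1:
                score += 2; reasons.append(f"typosquat of '{brand}'"); break
            if len(part) >= 3 and brand.startswith(part):  # "goo" in "goo-link"
                score += 1; reasons.append(f"truncated brand '{brand}'"); break
    return score, reasons

if __name__ == "__main__":
    # Constructed sample: the two domains from the report plus benign and typosquat controls.
    for d in ("goo-link.online", "online365-office.com", "gogle.com", "mail.google.com", "example.com"):
        print(d, lookalike_score(d))
```

The prefix rule is deliberately permissive and will produce false positives on ordinary words, so treat a score as a triage signal to pair with registration age or certificate transparency data rather than as a block decision on its own.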

After Russia invaded Ukraine, Cold River ramped up its hacking operations against Kyiv's allies.

French cyber security company SEKOIA.IO pointed out that before the United Nations Independent Investigation Commission issued its report in October last year on human rights violations committed by the Russian army in the early stages of the war in Ukraine, "Cold River" had registered three domain names imitating at least three European NGOs that investigate war crimes, and is believed to have been gathering information for Russia on war-crimes evidence and international judicial proceedings.

Experts from Google, British defense contractor BAE and U.S. digital intelligence firm Nisos pointed to several operational lapses by "Cold River" in recent years that allowed security analysts to pin down the exact location and identity of one of its members, providing the clearest indication that "Cold River" operates from Russia.

Email accounts used in "Cold River" hacking operations between 2015 and 2020 were traced to Andrey Korinets, a 35-year-old IT worker in Syktyvkar, Russia, who owns the email accounts set up for "Cold River" missions.

The Russian Federal Security Service (FSB) and the Russian embassy in the United States did not respond to requests for comment on the matter.

The NSA declined to comment on Cold River's activities.

Korinets confirmed that he owns the accounts mentioned in the report, but denied any knowledge of "Cold River". He said his only hacking experience was many years ago, when a commercial dispute with a former client led a Russian court to charge him with a computer crime and fine him.