Reuters reported that a Russian hacker group known as Cold River attempted to gain unauthorized access to three major nuclear laboratories in the USA. The hackers, believed to be located in Russia, launched multiple phishing attacks targeting the following national laboratories – Argonne, Lawrence Livermore, and Brookhaven. The nuclear labs are known for numerous scientific breakthroughs in atomic technologies and national security.
According to the investigation conducted by Reuters, the attackers created email addresses with domain names that resemble popular websites. The Russians were hoping that if the emails looked similar to legitimate sources such as Google or Microsoft, they would be able to trick the scientists into revealing login information. Untrained staff often fall for such phishing scams, and similar phishing attacks and hacking techniques have been the initial cause of a whole list of high-level cyber breaches over the years. Fake login pages are sometimes so well done that even a trained employee can fall victim.
It is unknown whether the attacks were successful, and there is no official confirmation that any data was stolen. Reuters contacted the research centers for comments, but all three labs declined the opportunity to provide more clarity about the attacks. In addition, multiple security agencies, such as the NSA and its British equivalent, declined to comment. The cyber incidents were not immediately reported even though the scientific research centers were under attack in August and September last year.
Cold River attacks have intensified since the war in Ukraine started last year. The hacker organization is behind many other attacks, including attacks on non-government organizations investigating war crimes and on other businesses and agencies across Europe and the USA. Russia has done little to nothing to stop the attacks even though, over the last two years, the US government has made it clear that it wants Putin to stop harboring cyber criminals and to keep critical structures “off limits.”
Ukraine is considering classifying cyber-attacks on critical infrastructure as war crimes. Victor Zhora, Ukraine’s chief digital transformation officer, noticed some coordination between kinetic strikes and cyberattacks. He added that since most kinetic attacks are organized against civilians, which is itself a war crime, supportive cyber actions could potentially be considered war crimes too.
Russia is continuing with the cyber-attacks, and the state even legalized piracy of games, movies, and other software in 2022. Belarus made the same decision earlier this month, as Alexander Lukashenko made it legal for people in Belarus to pirate content from nations that are considered unfriendly, such as the USA.