Hackers tied to a Russian bodybuilder and IT worker attempted to hack American nuclear research labs last year, according to a report from Reuters. The hacking group Cold River used phishing techniques in an attempt to access the Brookhaven, Argonne, and Lawrence Livermore National Laboratories.
According to Reuters, Cold River ran its scheme during the summer months of 2022. The group created fake login pages for the labs and emailed scientists in an attempt to trick them into logging in. It’s unclear if the hacks were successful or what, exactly, Cold River was trying to access at the labs.
Cold River used email accounts to register domain names that look similar to legitimate ones. At a glance the emails look like they’re coming from Microsoft or Google, but they redirect to a page the hacker has set up. Once the victim enters their information on the site, the hacker has it and can use it to access the legitimate pages. Similar phishing scams have been used in the past to great effect. The 2014 Sony Hack, which saw terabytes of personal emails leaked online, was the result of a phishing scheme.
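One defender-side check for the look-alike domains described above, added here as an example that is not part of the Reuters report or any vendor's tooling: it normalizes common character swaps and measures edit distance against an allowlist of the impersonated brands. The allowlist, the sample message and the hosts in it are constructed for this example; example.gov is a placeholder for a lab's real domain.

```python
import re
from urllib.parse import urlparse

# Brands the lures imitated per the article; example.gov is a constructed stand-in for a lab domain.
LEGIT_DOMAINS = ["microsoft.com", "google.com", "example.gov"]
# Character swaps that make a forged label read like the real one at a glance.
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")

def normalize(label: str) -> str:
    """Collapse look-alike substitutions so 'micr0s0ft' compares equal to 'microsoft'."""
    label = label.lower()
    for fake, real in SUBSTITUTIONS:
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch near-miss spellings such as 'goggle'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str) -> str:
    """'legit', 'lookalike' or 'unrelated' for a link host or sender domain.
    The registrable domain is taken as the last two labels (ignores suffixes like co.uk)."""
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain in LEGIT_DOMAINS:
        return "legit"
    name = normalize(domain.split(".")[0])
    for legit in LEGIT_DOMAINS:
        brand = normalize(legit.split(".")[0])
        limit = 2 if len(brand) >= 6 else 1
        # Brand on another TLD, brand embedded in a longer label, or a near-miss spelling.
        if brand in name or edit_distance(name, brand) <= limit:
            return "lookalike"
    return "unrelated"

def scan_links(text: str) -> dict:
    """Map every URL in a message body to its verdict, so lookalikes are flagged before a click."""
    return {url: classify_host(urlparse(url).hostname or "") for url in URL_RE.findall(text)}

# Constructed sample lure text; both hosts are invented for this example.
SAMPLE_EMAIL = ("Your password expires today. Sign in at https://login.micr0soft-verify.com/auth "
                "or at https://accounts.google.com/signin to keep access.")
```

Running `scan_links(SAMPLE_EMAIL)` flags the first link as a lookalike and the second as legitimate; in a mail gateway the lookalike verdict would drive quarantining or link rewriting.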
Reuters was not able to determine why, specifically, the labs were targeted. They are America’s top nuclear research facilities, and their remit includes a wide range of topics such as nuclear fusion power—scientists at Lawrence Livermore recently announced they had achieved fusion ignition, an important milestone. In addition to basic nuclear physics and energy research, the facilities conduct research related to national security and maintaining the U.S.’s nuclear weapons stockpile.
This isn’t the only hack tied to Cold River. According to security researchers, the group registered domain names imitating NGOs that investigate Russian war crimes in 2022. In May 2002, Cold River leaked emails from a Proton account that belonged to Richard Dearlove, the former head of the British spy agency MI6. The group also targeted the British Foreign Office in 2016.
Cyber security firms have tied Cold River’s activities to the Russian national Andrey Stanislavovich Korinets, a bodybuilder and IT worker, Reuters reported. Korinets has ties to the Russian hacking community and confirmed to Reuters that he owned email accounts used by the group, but denied knowing anything about Cold River’s activities.
After this article was published, the U.S. Department of Energy (DoE) reached out with a statement. “As part of our ongoing review, DOE has not found evidence of information being compromised. DOE will continue to work with our federal partners to respond to and investigate any potential threats and breaches, ensuring the scientific research conducted across America’s national laboratories remains safe and secure,” a spokesperson for the DoE said.
Update 1/11/23: This story was updated to include a comment from the Department of Energy.