
Russian Attackers Involved in Phishing Attacks on U.S. Nuclear Scientists

A Russian hacking group named Cold River, aka Callisto, has ramped up its activities against critical organizations in the U.S. and Eastern European countries. Recently, it targeted four nuclear research labs in the U.S.

Targeted via fake login pages

According to a report by Reuters, Cold River targeted three nuclear research laboratories in the U.S. between August and September last year.
  • The targeted labs are Brookhaven National Laboratory (BNL), Argonne National Laboratory (ANL), and Lawrence Livermore National Laboratory (LLNL).
  • The group attempted to create fake login pages for the three labs and sent phishing emails with links to these pages to trick nuclear scientists into revealing their passwords.

So far, it is unclear why the group targeted these labs or if any of the attempts were successful.

Attacks against European NGOs

  • SEKOIA.IO reported last month that Cold River registered domain names imitating at least three European NGOs investigating Russia-Ukraine war crimes.
  • The targeted NGOs include the Commission for International Justice and Accountability (CIJA), the International Center of Nonviolent Conflict, and the Centre for Humanitarian Dialogue.
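Both the fake lab login pages described above and the domains imitating the NGOs depend on a hostname that resembles the real one closely enough to pass a quick glance. The following is an added example (my own code, not from the article, Reuters, SEKOIA.IO, or any of the named organizations) of a defender-side check that pulls links out of an email body and flags hostnames that contain, or are a typo/homoglyph variant of, a protected domain. The protected domains and the sample email are constructed placeholders, since the article does not list the real domains involved.

```python
"""Flag lookalike domains in email links against a list of protected domains.

Added example with constructed data; not the infrastructure from the article.
"""
import re
from urllib.parse import urlsplit

# Constructed placeholders standing in for an organisation's own domain list.
PROTECTED_DOMAINS = ("example-lab.gov", "example-ngo.org")

# ASCII substitutions commonly used in lookalike registrations. Multi-character
# pairs come first so that "rn" collapses to "m" before single digits are mapped.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def name_key(hostname: str) -> str:
    """Collapse a hostname to a comparison key: lowercase, drop the TLD,
    remove dots and hyphens, and undo common ASCII homoglyphs.
    Unicode (IDN) confusables are out of scope for this example."""
    labels = hostname.lower().rstrip(".").split(".")
    key = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    key = key.replace("-", "")
    for fake, real in HOMOGLYPHS:
        key = key.replace(fake, real)
    return key


def registrable(hostname: str) -> str:
    """Naive registrable domain: the last two labels. Production code should
    consult the Public Suffix List instead (e.g. for co.uk-style suffixes)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(hostname: str, protected=PROTECTED_DOMAINS):
    """Return None when the host is a protected domain (or a subdomain of one)
    or unrelated to them; otherwise a string saying why it looks like an imitation."""
    host = hostname.lower().rstrip(".")
    for p in protected:
        if host == p or host.endswith("." + p):
            return None  # genuinely one of ours
    full_key = name_key(host)
    reg_key = name_key(registrable(host))
    for p in protected:
        p_key = name_key(p)
        # Registrable part is one edit (or a homoglyph swap) away from ours.
        if levenshtein(reg_key, p_key) <= 1:
            return f"typo/homoglyph variant of {p}"
        # Our name embedded anywhere in the hostname, e.g. as a subdomain.
        if p_key in full_key:
            return f"contains protected name of {p}"
    return None


def analyze_email(text: str, protected=PROTECTED_DOMAINS):
    """Extract links from an email body; return (url, host, reason) for lookalikes."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if not host:
            continue
        reason = classify_host(host, protected)
        if reason:
            findings.append((url, host, reason))
    return findings


# Constructed sample message in the style of a password-expiry lure.
SAMPLE_EMAIL = """\
Dear colleague,
Your account password expires today. Sign in at
https://example-lab.gov.login-portal.net/auth to keep access.
Also see https://exarnple-lab.org/sso and https://example-lab.gov/intranet
and the news item at https://news.example.com/story
"""

if __name__ == "__main__":
    for url, host, reason in analyze_email(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {host}: {reason} ({url})")
```

The two checks are deliberately separate: the edit-distance test catches registrable domains that are a character or homoglyph away from the real one, while the substring test catches the other common pattern of placing the real name in a subdomain of an unrelated registrable domain. Both produce false positives against partner or press sites that legitimately mention the organisation, so a real deployment would layer this on top of an allow-list rather than blocking on it alone.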

Cold River's ties with Russia

The group’s operations between 2015 and 2020 have been traced back to an IT worker named Andrey Korinets, based in the Russian city of Syktyvkar.
  • Andrey Korinets used multiple personal email addresses to set up Cold River missions.
  • Experts found Korinets discussing hacking operations on the Syktyvkar Underground eZine (eZine) and other Russian-language internet forums.

Conclusion

Although the Cold River group has not been publicly attributed to any Russian intelligence service, its past operations show objectives and victimology that align closely with Russian strategic interests. Cold River is yet another threat actor conducting attack campaigns against U.S. and European agencies.
Cyware Publisher