A Russian hacker group tried to gain access to three US nuclear research facilities using seemingly legitimate e-mail addresses. According to a media report, the attempt was uncovered. Experts investigating the case traced it to a Russian bodybuilder.
According to Reuters research, Russian hackers tried to break into three American nuclear research facilities last summer. The group, known as Cold River, wrote to nuclear scientists at the Brookhaven, Argonne and Lawrence Livermore National Laboratories between August and September to get them to sign in on fake websites imitating their institutes' pages.
The hackers wanted to obtain passwords for the research institutions' internal networks. That is according to recorded internet traffic verified by Reuters and five cybersecurity experts. Reuters could not find out why the institutes were attacked or whether any attempted break-in was successful.
Cybersecurity researchers told Reuters that Cold River uses a variety of email accounts to register domain names such as "goo-link.online" and "online365-office.com." At first glance, these look like services from companies such as Google and Microsoft. According to French cybersecurity firm SEKOIA.IO, Cold River also used such fake domains to impersonate the pages of at least three European NGOs investigating Russian war crimes in Ukraine. Why the hackers targeted the NGOs remains unclear.
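The lookalike domains described above borrow brand tokens ("goo", "office", "365") without belonging to the brand. The following added example, not code from Reuters, SEKOIA.IO or any of the firms named here, shows a defender-side triage check that flags such domains from a list of hosts seen in DNS or proxy logs; the brand token lists and all sample hosts other than the two domains named in the report are constructed assumptions.

```python
import re

# Brand tokens worth watching and the registrable domains they legitimately belong
# to. Illustrative lists (constructed); extend them from your own allowlist.
BRANDS = {
    "google": {
        "tokens": ("google", "goo", "gmail"),
        "legit": {"google.com", "gmail.com", "goo.gl", "googleapis.com"},
    },
    "microsoft": {
        "tokens": ("microsoft", "office", "365", "outlook"),
        "legit": {"microsoft.com", "office.com", "office365.com",
                  "microsoftonline.com", "outlook.com", "live.com"},
    },
}

# Constructed sample, as a log review might surface it; the first two entries are
# the domains named in the report, the rest are made up for the example.
SAMPLE_DOMAINS = [
    "goo-link.online", "online365-office.com", "accounts.google.com",
    "login.microsoftonline.com", "goodyear.com", "mail.bnl.gov",
]


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); fine for these TLDs, use a public-suffix
    library for production data."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def _token_re(token: str) -> re.Pattern:
    # A digit token may not touch other digits and a letter token may not touch
    # other letters, so "365" matches "online365-office" but "goo" not "goodyear".
    cls = "0-9" if token.isdigit() else "a-z"
    return re.compile(rf"(?<![{cls}]){re.escape(token)}(?![{cls}])")


def classify(host: str) -> dict:
    """Report which brands a host imitates; the brand's own domains are not flagged."""
    reg = registrable(host)
    sld = reg.rsplit(".", 1)[0]  # second-level label, e.g. "goo-link"
    legit_owner = next((b for b, i in BRANDS.items() if reg in i["legit"]), None)
    imitates = []
    if legit_owner is None:
        for brand, info in BRANDS.items():
            if any(_token_re(t).search(sld) for t in info["tokens"]):
                imitates.append(brand)
    return {"host": host, "registrable": reg, "legit_owner": legit_owner, "imitates": imitates}


def review(hosts) -> list:
    """Return only the hosts that imitate a brand, for analyst triage."""
    return [r for r in (classify(h) for h in hosts) if r["imitates"]]
```

Running `review(SAMPLE_DOMAINS)` flags only the two domains from the report; the genuine Google and Microsoft hosts and the unrelated "goodyear.com" pass.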
According to specialists from the US technology group Google, the British defense company BAE and the US cybersecurity company Nisos, several mistakes made by Cold River made it possible to determine the location and identity of one of its members. Several email addresses used in the attacks belong to Andrei Korinets, a 35-year-old IT specialist and bodybuilder in Syktyvkar, about 1,600 kilometers northeast of Moscow.
"Google has been able to link this individual to the Russian hacking group Cold River and their early attacks," said Google's Threat Analysis Group expert Billy Leonard. Nisos expert Vincas Ciziunas explained that Korinets appears to have been a central figure in previous hacking activity. Reuters contacted Korinets, who confirmed the email accounts but denied any knowledge of Cold River.