Cold River phishing campaign targets US nuclear scientists

January 20, 2023

The Russia-based cybercriminal group Cold River is conducting a phishing campaign targeting individuals in the United States. According to researchers, the group has been stepping up its activity against critical infrastructure in Eastern European nations and the United States.

Currently, the group is targeting about four nuclear research laboratories in the United States.


The Cold River group uses fake login pages to deceive its targets and collect information.


The Cold River group targeted several nuclear research laboratories in the US between August and September 2022. The researchers found that the targeted facilities were the Argonne National Laboratory (ANL), Lawrence Livermore National Laboratory (LLNL), and Brookhaven National Laboratory (BNL).

The initial findings revealed that the Russian group built fake login pages for the three laboratories and sent phishing emails containing links to these pages, in an attempt to trick nuclear scientists into disclosing their passwords.

It remains unclear why the Cold River operators targeted these facilities, or whether any of the attempts succeeded in harvesting credentials.

Last month, SEKOIA[.]IO reported that the group registered domain names spoofing at least a couple of European NGOs investigating war crimes in the Russia-Ukraine conflict. The researchers confirmed that the imitated NGOs were the Centre for Humanitarian Dialogue, the Commission for International Justice and Accountability (CIJA), and the International Center on Nonviolent Conflict.

Researchers have traced the threat group's campaigns from 2015 to 2020 back to an IT worker named Andrey Korinets.

Korinets is allegedly based in Syktyvkar, Russia, and has used several personal email addresses to set up Cold River's attack infrastructure.

Furthermore, experts discovered Korinets' own accounts of the hacking operations on an underground forum and on another Russian-speaking internet forum.

Researchers have yet to attribute the Cold River group to Russian intelligence services. However, its past operations include objectives and victimology that align closely with Russian government interests.

The Cold River group is the latest addition to the long list of attackers currently targeting critical infrastructure in the United States and Europe.
