  • Admin

U.S. Nuclear Sites Targeted In Phishing Attacks

Published: March 11, 2023, in our Security Fraud News & Alerts Newsletter.

The 2022 summer season saw three nuclear research facilities in the United States targeted by phishing attacks seemingly originating with the Advanced Persistent Threat (APT) actor Cold River (also known as Calisto). This group, which has been linked to Russia, targeted Argonne National Laboratory, Brookhaven National Laboratory, and Lawrence Livermore National Laboratories, all organizations that work with the U.S. Department of Energy.

What happened? Cold River designed fake login pages for these organizations and sent spear-phishing messages to several nuclear scientists with the intent to lure them into supplying their login credentials and passwords. Whether or not these attempts were successful is unknown at this time, as the organizations concerned declined to comment on the issue, perhaps for good reason.

Both intelligence groups and cybersecurity experts have noted an escalation in attacks that can be credited to Cold River since Russia's invasion of Ukraine. In March 2022 the Google Threat Analysis Group (TAG) identified this APT as being responsible for both malware and phishing attacks that affected countries in Eastern Europe (including Ukraine) and other NATO members.

The targets of these increased attacks included Eastern European militaries, as well as a NATO Centre of Excellence. Also targeted were a Ukrainian defense contractor and numerous U.S.-based think tanks and non-governmental organizations (NGOs).

Cybersecurity experts at Google have noted that this is the first time that cyber-attacks by so-called “cyber spies” have targeted NATO and Eastern European military structures. However, it isn’t likely the last.

What does this mean? Generally, any time there are attacks against critical infrastructure, it should raise some alarms. While some instances can be purely coincidental or accidental (i.e. the attackers didn’t actually know what organization they were targeting), many are very specific with very damaging intent. Critical infrastructure systems are supposed to be very secure, and if they are put out of service, it can have a very detrimental effect. Think about the water supply or power grid. These keep modern society safe and functioning, and the services they provide are largely taken for granted day-to-day. They affect everything from food and water to manufacturing plants and basic utilities.

In 2019, hackers infected India’s biggest nuclear facility with DTrack spyware. It’s suspected they stole important data that they may have sold to terrorists or others with not-so-noble intent.

Any organization can be a victim of a cyberattack. It doesn’t matter the size or the industry. However, if you are in an industry that is critical to help keep society functioning, or have critical data to protect, it’s also critical to stay on top of updating systems, keeping antivirus active and updated, and making sure all employees, regardless of level, are educated on how to identify phishing and other cyber threats.
