The Russian hackers from the Callisto group used fake login pages for each lab and sent emails to nuclear scientists to trick them into divulging their passwords.
In its latest report released this Friday, Reuters revealed surprising details of how a group of Russian hackers targeted three high-profile nuclear research laboratories.
According to Reuters' research, the hacking group, known as Callisto (aka Cold River), targeted the Argonne, Brookhaven, and Lawrence Livermore National Laboratories. At least five prominent cybersecurity experts second these findings.
It is worth noting that in December 2020, a group of Russian hackers was also blamed for targeting 40 agencies, including the US Nuclear Agency.
When and How Did the Attacks Occur?
The attacks, according to Reuters’ report, happened between August and September 2022. That’s when Russian president Vladimir Putin claimed Russia intended to use nuclear weapons for its defence. So, it seems likely that the three labs were targeted to steal crucial information.
During their attack, the hackers used phishing techniques, creating fake login pages for each lab and sending emails to nuclear scientists to trick them into giving away their passwords. Researchers couldn’t determine why Callisto targeted these three labs and whether they succeeded in their attempts.
However, they did reveal that the attack occurred after United Nations (UN) experts entered Ukraine’s Russian-held territories to inspect the Russian-occupied Zaporizhzhia nuclear plant to assess the extent of fallout that could be caused by excessive shelling in its vicinity.
This hacking group first surfaced on the internet in 2016 when Britain’s Foreign Office was targeted. The group is known for targeting Western allies of Ukraine and has stepped up its hacks since the Russian invasion of Ukraine in February 2022.
The same group was also identified as having targeted and leaked the emails of the former head of the British intelligence agency MI6. You can also read about the group’s activities, analyzed by cyber security researchers at Sekoia, in their blog post.
Recently, Callisto has been involved in many prominent hacking incidents. Reuters connected the emails used by this group between 2015 and 2020 to Andrey Korinets, a Syktyvkar-based bodybuilder and IT expert.
However, when Reuters interviewed him, Korinets admitted using those emails but denied any connection with Callisto. Nonetheless, Billy Leonard from Google's Threat Analysis Group claims they have verified Korinets as an active member of Callisto.