Brookhaven National Lab (BNL), a federal facility in Upton. Credit: Brookhaven National Laboratory

Brookhaven National Laboratory was among three U.S. national labs targeted by Russian hackers last summer, according to a report, but the federal government said the attack appears to have been unsuccessful. 

“As part of our ongoing review, Department of Energy has not found evidence of information being compromised," said agency spokesman Jeremy Ortiz. The department "will continue to work with our federal partners to respond to and investigate any potential threats and breaches, ensuring the scientific research conducted across America’s national laboratories remains safe and secure.”

Reuters in a report last week said a Russian hacking team known as Cold River targeted BNL, Argonne National Laboratory in Illinois and Lawrence Livermore National Laboratory in California in an effort that included the creation of fake login pages to steal passwords. The news agency wasn’t able to say whether the efforts were successful.

BNL spokesman Peter Genzer declined to comment on the report, saying, "We don’t comment on security matters."

Cold River has reportedly increased hacking activity against allies of the Ukrainian government following a United Nations tour last year of a nuclear plant in Russian-controlled Ukrainian territory to review risks of a potential radiation disaster as war raged around the plant. Cold River was previously associated with numerous attacks, including stealing and leaking emails of the former head of the British spy agency, MI6, according to the Guardian.

Cybersecurity firm CrowdStrike told Reuters Cold River is “involved directly” in supporting information efforts of Russian government operations, though Russia has denied involvement in hacking campaigns.

"The way they operate is to steal information and that information ultimately is useful for crafting a narrative for [Russian] information operations," Adam Meyers, senior vice president of intelligence for CrowdStrike, told Newsday. The group, with likely ties to another Russian-affiliated group called Gossamer Bear, has been operating for around a decade and is "probably one of the most important cyber-operators you've never heard of," he said.

Cold River tactics include tricking people into entering usernames and passwords on fake websites to gain access to their computer systems, security researchers told Reuters. To do this, Cold River has used a variety of email accounts to register domain names such as "goo-link.online" and "online365-office.com" which at a glance look similar to legitimate services operated by firms such as Google and Microsoft, the security researchers said.
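As an added illustration that is not part of the original report, a defender could screen hostnames seen in mail or proxy logs for brand tokens outside the brand's real domains, which catches both names quoted above. The token watchlist, the allowlist and the last two sample hostnames are assumptions constructed for this example.

```python
import re

# Assumed watchlist: brand -> tokens that lookalike names tend to borrow.
BRAND_TOKENS = {
    "google": {"goo", "google", "gmail"},
    "microsoft": {"office", "365", "microsoft", "outlook"},
}
# Assumed allowlist of registrable domains the brands really operate.
LEGITIMATE = {"google.com", "goo.gl", "microsoft.com", "office.com", "office365.com"}


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def tokens(host):
    """Split the hostname on dots, hyphens and letter/digit boundaries."""
    return set(re.findall(r"[a-z]+|[0-9]+", host.lower()))


def lookalike_brands(host):
    """Return the brands whose tokens appear in a host that is not allowlisted."""
    if registrable(host) in LEGITIMATE:
        return []
    found = tokens(host)
    return sorted(b for b, words in BRAND_TOKENS.items() if found & words)


if __name__ == "__main__":
    samples = [
        "goo-link.online",            # quoted in the report
        "online365-office.com",       # quoted in the report
        "accounts.google.com",        # legitimate, allowlisted
        "google.com.evil-site.net",   # constructed: brand used as a subdomain
        "www.example.org",            # constructed: unrelated host
    ]
    for host in samples:
        print(host, lookalike_brands(host) or "no brand tokens")
```

Short tokens such as "goo" will also match unrelated names, so hits from a check like this are leads for review rather than verdicts.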

"Humans are always the weakest factors in these types of intrusions," Meyers said of the phishing operations. "Some of the biggest [data] breaches involve stolen credentials ... This is the tit-for-tat arms race that we find ourselves in."

The reported attempted hack at BNL comes as Suffolk County continues to grapple with an unrelated ransomware attack that crippled county online operations starting on Sept. 8, when attackers began encrypting and locking up files. They demanded a $2.5 million ransom that Suffolk refused to pay. Many online government services remain offline four months after the hack, including at the Department of Health Services, which Suffolk in late December acknowledged had seen its files encrypted.
