A hacking group with ties to Russia called Cold River is carrying out an extensive and ongoing information-gathering operation against numerous targets in government, politics, education, defence, journalism, and activism, Britain claimed on Thursday.
The National Cyber Security Centre (NCSC), a division of the British government’s GCHQ spy agency, warned that Cold River impersonates people close to its targets by using fake email addresses and social media profiles.
As the attacker establishes rapport, the two parties correspond frequently, sometimes over a long period, the advisory stated.
“We don’t know anything about that,” the Kremlin’s spokesman Dmitry Peskov responded when asked for comment.
The Russian government was not specifically mentioned in the alert as the source of the cyberattacks.
Cold River hackers encourage the target to click on a malicious link, then trick the target into entering their login information on a website the hackers control, according to the advisory.
The hacking group Cold River, also known as “Callisto” and “Seaborgium,” attacked three nuclear research facilities in the United States last summer and, in May, released personal emails from former British spy Richard Dearlove.
The article about the nuclear labs was criticised by Russia’s Foreign Ministry as being anti-Russian propaganda.
The NCSC claims that a second organisation, Charming Kitten, based in Iran, used the same “spear-phishing” methods to collect data.
According to Iran’s envoy to the UN in New York, the Iranian government was unaware of the organisation.
Cybersecurity experts and western government officials told Reuters that Cold River has increased its hacking operations against Kyiv’s partners since Russia’s invasion of Ukraine.
The Russian government, according to Western sources, is a world leader in hacking and employs cyber espionage against other nations’ governments and industries to acquire a competitive edge.
Moscow has consistently denied accusations that it engages in cyber operations.