The Republican chairmen of two U.S. House committees want more information from the Department of Energy about reported Russian hacking activity against three national laboratories last year.
The lawmakers — James Comer of Kentucky and Frank Lucas of Oklahoma — cited a recent Reuters report about a group known as Cold River targeting the Brookhaven, Argonne and Lawrence Livermore labs in August and September.
“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” wrote Oversight Chairman Comer and Science Chairman Lucas in a letter to Energy Secretary Jennifer Granholm.
The hacking campaign reportedly used fake login pages to attempt to collect credentials from nuclear scientists. All three facilities perform high-level research associated with the nation’s nuclear weapons programs.
The lawmakers are asking for documents and communications by the DOE, the labs and other federal entities about the Cold River activity. The goal is to “determine the impact of the attempted intrusions, and evaluate what DOE is doing to ensure the continued security of sensitive scientific research and development at its National Laboratories,” the chairmen wrote.
Cold River, also labeled Seaborgium, Callisto or TA446 by cybersecurity researchers, is known to have targeted government organizations, think tanks and defense contractors in NATO countries since at least 2017.
A campaign attributed to the group in December used a spoofed Microsoft login page to attempt to harvest employee logins for a U.S. military weapons and hardware supplier. Other targets have included the military of a Balkans country and a Ukrainian defense contractor, according to Google researchers.