Cold River targeted the Brookhaven (PNL), Argonne (ANL) and Lawrence Livermore (LLNL) national laboratories just days after Vladimir Putin indicated Russia was ready to use nuclear weapons to defend its territory. Each of these laboratories is engaged in nuclear research. Hackers created fake login pages for each company and emailed scientists to get their passwords.

Reuters presented its findings to five industry experts, who confirmed Gold River’s involvement in nuclear lab hacking efforts. This was achieved based on the shared digital fingerprints that researchers have linked to the team in the past.

Reuters could not determine why the labs were targeted or whether an attempt was successful. All three research centers declined to comment.

After the invasion of Ukraine, Gold River stepped up its hacking campaign against Kiev’s allies, according to cybersecurity experts and Western government officials. The digital attack on US laboratories came as UN experts entered Ukraine to assess risks in Zaporizhia, home to Europe’s largest nuclear power plant. Firing continued in that area.

Gold River, which first appeared on the radar of intelligence agencies after attacking the British Foreign Office in 2016, has been involved in dozens of other high-profile hacking incidents in recent years. “This is one of the most important hacker groups you’ve never heard of,” Adam Meyers of US cybersecurity firm CrowdStrike told The Guardian newspaper. “They are engaged in direct support of the Kremlin’s information operations.”

Russia’s Federal Security Service (FSB), which also conducts espionage campaigns for Moscow, and the Russian Embassy in Washington did not respond to Reuters’ emailed requests for comment. Western officials say the Russian government is a world leader in hacking and uses cyber espionage to spy on foreign governments and industries to gain a competitive advantage. However, Moscow continues to deny that it is carrying out hacking operations.