Google has identified a new malware variant named "LOSTKEYS" associated with the Russian hacking group Cold River, known for targeting high-profile entities to gather intelligence. This malware enables the attackers to steal files and transmit system information, marking an evolution in Cold River's methods. The group, linked to Russia's Federal Security Service, has historically targeted NATO personnels, journalists, and advisors from Western governments. Recent activities indicate a continued focus on Ukrainian connections and specific political interests significant to Russia's strategic goals, building on previous high-profile cyber operations.
A new malware called "LOSTKEYS" is tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers.
Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets.
The central goal was intelligence collection in support of Russian strategic interests, targeting current and former advisers to Western governments.
Recent targets, observed in January, March and April, include journalists, think tanks, NGOs, and unnamed individuals connected to Ukraine.
Collection
[
|
...
]