Google Uncovers New Russian Malware ‘LOSTKEYS’ Linked to Cold River Hacking Group
Google’s Threat Intelligence Group announced Wednesday the discovery of a new malware strain called “LOSTKEYS”, which has been linked to the Russia-based hacking group Cold River, believed to have ties to the Russian Federal Security Service (FSB).
According to Google researcher Wesley Shields, the malware marks a significant expansion in Cold River’s cyber toolkit, with capabilities that include file theft and system reconnaissance, enabling attackers to gather intelligence on high-profile individuals and institutions.
“LOSTKEYS represents a new development in the toolset used by Cold River,” Shields stated in a blog post.
Recent Targeting Activity:
- Attacks observed in January, March, and April 2025
- Targets include current and former advisers to Western governments, military personnel, NGOs, journalists, think tanks, and individuals connected to Ukraine
- Cold River continues to pursue espionage goals in line with Russian strategic interests
Background on Cold River:
Cold River gained notoriety for targeting:
- Three U.S. nuclear research labs in 2022
- Private email leaks of former British spymaster Richard Dearlove and other pro-Brexit figures
- Credential theft campaigns targeting NATO governments and NGOs
The Russian embassy in Washington did not immediately respond to requests for comment.
The revelation underscores continuing concerns about state-sponsored cyber threats emanating from Russia, particularly amid the ongoing war in Ukraine and heightened geopolitical tensions.