Latest news with #ColdRiver
Yahoo
11-05-2025
- Yahoo
Google exposes new Russian spyware virus LostKeys linked to FSB
Google has announced (via Android Headlines) the discovery of new Russian spyware called LostKeys, which is used by the ColdRiver hacker group linked to the Russian Federal Security Service (FSB). The software is designed to steal files and system data from Western organisations.

Source: Mezha Media, a technology and IT news platform within Ukrainska Pravda's holding company

Details: The Google Threat Intelligence Group (GTIG) reports that LostKeys is used in targeted ClickFix attacks, based on social engineering and beginning with a fake CAPTCHA. Victims are deceived into running malicious PowerShell scripts, allowing additional malware to be downloaded and executed.

The primary aim is to install LostKeys, which functions like a digital vacuum cleaner, extracting files, directories and system information. Hackers also deploy other malware, particularly SPICA, to retrieve documents.

The ColdRiver Group has been active since 2017 and is known by other names such as Star Blizzard and Callisto Group. It has reportedly become more active in recent years, especially since Russia invaded Ukraine. The group specialises in cyber-espionage, targeting government and defence institutions, think tanks, politicians, journalists and non-governmental organisations. The United States has imposed sanctions on individual group members and announced a US$10 million reward for information leading to their arrest.

Google experts emphasise the need to strengthen cybersecurity, especially for organisations that could become potential victims of ColdRiver attacks. They recommend using Google's advanced protection and regularly updating security systems to counter such threats.

USA Today
08-05-2025
- Politics
- USA Today
Google uncovers Russian malware 'LOSTKEYS' stealing files and system data
Alphabet's Google GOOGL.O said on Wednesday it has identified new malware called "LOSTKEYS" tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers. The malware "marks a new development in the toolset" of Cold River, Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog.

Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations and former intelligence and diplomatic officers, Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Recent targets, observed in January, March and April 2025, include current and former advisers to Western governments and militaries, as well as journalists, think tanks and NGOs, and unnamed individuals connected to Ukraine, according to the blog. The Russian embassy in Washington did not immediately respond to a request for comment.

Past high-profile campaigns have included targeting three nuclear research laboratories in the U.S. in the summer of 2022, and the publishing of the private emails of former British spymaster Richard Dearlove, alongside pro-Brexit individuals, in an operation revealed in May 2022.

Reporting by Deborah Sophia in Bengaluru and AJ Vicens in Detroit; Editing by Arun Koyyur and Emelia Sithole-Matarise
Indian Express
08-05-2025
- Indian Express
Google identifies new malware linked to Russia-based hacking group
The malware 'marks a new development in the toolset' of Cold River, Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog. Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations and former intelligence and diplomatic officers, Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Straits Times
07-05-2025
- Straits Times
Google identifies new malware linked to Russia-based hacking group
New malware called 'LOSTKEYS' is tied to the Russian-based hacking group Cold River, and is capable of stealing files.

WASHINGTON - Alphabet's Google said on May 7 it has identified new malware called 'LOSTKEYS', tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers. The malware 'marks a new development in the toolset' of Cold River, Mr Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog.

Cold River, a name used to track hacking campaigns previously linked to Russia's Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within Nato governments, non-governmental organisations and former intelligence and diplomatic officers, Mr Shields said in the blog. The central goal was intelligence collection in support of Russian strategic interests.

Recent targets, observed in January, March and April 2025, include current and former advisers to Western governments and militaries, as well as journalists, think-tanks and NGOs, and unnamed individuals connected to Ukraine, according to the blog. The Russian embassy in Washington did not immediately respond to a request for comment.

Past high-profile campaigns have included targeting three nuclear research laboratories in the US in the summer of 2022, and the publishing of the private emails of former British spymaster Richard Dearlove, alongside pro-Brexit individuals, in an operation revealed in May 2022. REUTERS
Mint
07-05-2025
- Politics
- Mint
Google uncovers ‘LOSTKEYS' malware linked to Russian-backed Cold River hackers
Google has uncovered a new strain of malware, dubbed "LOSTKEYS", believed to be the work of Cold River, a Russian-aligned hacking group reportedly connected to the country's Federal Security Service (FSB), reported Reuters.

According to a blog post published on Wednesday by Google's Threat Intelligence Group (GTIG), the newly identified malware represents a significant advancement in Cold River's cyber capabilities. LOSTKEYS is designed to steal files and transmit system data back to its operators, expanding the group's known toolkit for espionage. Wesley Shields, a researcher at GTIG, stated that the malware signals 'a new development in the toolset' used by the group, which has a history of targeting sensitive political and strategic entities.

Cold River, also known under various aliases, has been linked to previous cyber operations aimed at high-profile Western individuals and institutions. The group's primary mission, experts say, is the collection of intelligence that furthers Russian geopolitical interests.

Recent surveillance by Google's researchers shows that, between January and April 2025, Cold River targeted advisers, both current and former, to Western governments and military institutions. Other victims reportedly included journalists, international think tanks, non-governmental organisations, and individuals associated with Ukraine. The Russian embassy in Washington has yet to respond to requests for comment on the allegations.

Cold River has previously drawn attention for its audacious operations. In mid-2022, the group was accused of targeting three nuclear research facilities in the United States. Later that year, it was implicated in the leaking of private emails belonging to former British intelligence chief Sir Richard Dearlove, alongside other individuals associated with pro-Brexit activities.
Cybersecurity analysts warn that the emergence of LOSTKEYS underscores a broader escalation in cyber espionage tactics being employed by state-linked actors. Google has urged targeted organisations and individuals to remain vigilant and adopt updated security measures to mitigate potential risks.