The Russian state-backed ColdRiver (Star Blizzard) hacking group has intensified its cyber espionage operations, using evolving malware families such as NoRobot and MaybeRobot delivered through sophisticated multi-stage chains that include social engineering attacks. The group has shifted from its previous malware, LostKeys, to new tools that offer stealthier data exfiltration and greater operational flexibility. #ColdRiver #StarBlizzard #NoRobot #MaybeRobot #CyberEspionage
Key points
- ColdRiver has launched new malware families, NoRobot and MaybeRobot, after abandoning LostKeys.
- The group employs complex delivery chains involving social engineering and fake CAPTCHA pages.
- They use multi-stage infection tactics with cryptographic key splitting to evade detection.
- ColdRiver's operations are attributed to the Russian FSB and target Western governments, journalists, and NGOs.
- The malware's capabilities include data exfiltration, command execution, and persistence on compromised systems.