ColdRiver drops fresh malware on targets
A sweeping cyber espionage campaign targeted at NATO governments, former diplomats, and high-profile NGO figures is a classic example of how quickly elite hacking groups can retool when their operations are exposed.
In May of this year, Google’s Threat Intelligence Group (GTIG) published details of LOSTKEYS, a sophisticated malware platform tied to Russia’s state-backed ColdRiver group. Within five days of that disclosure, ColdRiver had scrapped LOSTKEYS and rolled out an entirely new set of tools in a campaign that GTIG researcher Wesley Shields this week described as the group’s most aggressive campaign yet.
“[The new malware] has undergone multiple iterations since discovery, indicating a rapidly increased development and operations tempo from ColdRiver, Shields said in a newly published report about the attacks. “It is unclear how long ColdRiver had this malware in development, but GTIG has not observed a single instance of LOSTKEYS since publication.”
Read more at Dark Reading