Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

ColdRiver drops fresh malware on targets

(NATO)

By Jai Vijayan

A sweeping cyber espionage campaign targeted at NATO governments, former diplomats, and high-profile NGO figures is a classic example of how quickly elite hacking groups can retool when their operations are exposed.

In May of this year, Google’s Threat Intelligence Group (GTIG) published details of LOSTKEYS, a sophisticated malware platform tied to Russia’s state-backed ColdRiver group. Within five days of that disclosure, ColdRiver had scrapped LOSTKEYS and rolled out an entirely new set of tools in a campaign that GTIG researcher Wesley Shields this week described as the group’s most aggressive campaign yet.

“[The new malware] has undergone multiple iterations since discovery, indicating a rapidly increased development and operations tempo from ColdRiver, Shields said in a newly published report about the attacks. “It is unclear how long ColdRiver had this malware in development, but GTIG has not observed a single instance of LOSTKEYS since publication.”

Read more at Dark Reading

Click to listen highlighted text!