Google Identifies New Malware Linked to Russian Hackers: 'New Development in the Toolset'

Alphabet's Google has made a significant discovery in its ongoing efforts to combat cyber threats, identifying a new malware strain called "LOSTKEYS" that is linked to the notorious Russian-based hacking group Cold River. According to Wesley Shields, a researcher with Google Threat Intelligence Group, this latest development marks a "new development in the toolset" of Cold River.

Cold River is a name used to track hacking campaigns previously associated with Russia's Federal Security Service (FSB). The group has earned notoriety for its sophisticated cyber tactics, which often focus on intelligence collection in support of Russian strategic interests. In recent months, Cold River has been targeting high-profile individuals and organizations, including current and former advisers to Western governments and militaries, journalists, think tanks, NGOs, and unnamed individuals connected to Ukraine.

The malware, known as LOSTKEYS, is a sophisticated threat that can steal files and send system information to attackers. According to Google's research, the central goal of Cold River's campaigns has always been intelligence collection, and recent targets have reflected this focus on gathering sensitive information related to Russian strategic interests.

In April 2022, for example, Cold River was observed targeting journalists and think tanks connected to Ukraine. More recently, in January and March, the group was identified as targeting current and former advisers to Western governments and militaries, highlighting its ongoing efforts to gather intelligence on key players in the global security landscape.

Google's discovery of LOSTKEYS is a significant development in the fight against cyber threats. The fact that Cold River has been able to adapt and evolve its tactics over time highlights the importance of continuous monitoring and analysis by organizations like Google Threat Intelligence Group.

Past campaigns by Cold River, in May 2022, included targeting three nuclear research laboratories in the US and publishing the private emails of former British spymaster Richard Dearlove, alongside those of pro-Brexit individuals. These high-profile operations demonstrate the group's capabilities and its willingness to go after sensitive information held by key targets.

The Russian embassy in Washington did not immediately respond to a request for comment on this latest development. As the threat landscape continues to evolve, organizations like Google Threat Intelligence Group will play an increasingly important role in identifying and mitigating the impacts of sophisticated malware and hacking campaigns like LOSTKEYS.