New Malware “LostKeys” Linked to Russian Hacking Group
On Wednesday, Google announced the detection of a new malware named “LostKeys,” which is associated with a Russian hacking group called Cold River. This malware has the capability to steal files and transmit system information to the attackers.
Wesley Shields from Google’s Threat Intelligence Group described this malware as a significant advancement in the tools employed by Cold River. He shared insights about this development on his blog.
Cold River is noted for its hacking campaigns, previously linked to Russia’s federal security services. The group is primarily recognized for acquiring login details from major targets like NATO governments, NGOs, and intelligence agencies, according to Shields. Their overarching aim appears to be intelligence gathering that aligns with Russia’s strategic interests.
Recent observations, as detailed in the blog, indicate that Cold River has been active against various individuals connected to Western governments, military personnel, journalists, think tanks, and NGOs throughout January, March, and April.
The Russian Embassy in Washington has yet to respond to inquiries regarding this matter.
Notable past activities attributed to Cold River include the 2022 leak of private email belonging to a former British intelligence officer and associated pro-Brexit figures, as well as another campaign disclosed in May of the same year.