Alphabet’s Google said on Wednesday it has identified new malware called “LOSTKEYS” tied to the Russian-based hacking group Cold River, which is capable of stealing files and sending system information to attackers.
The malware “marks a new development in the toolset” of Cold River, Wesley Shields, a researcher with Google Threat Intelligence Group, said in a blog.
Cold River, a name used to track hacking campaigns previously linked to Russia’s Federal Security Service, is primarily known for stealing login credentials for high-profile targets, including those within NATO governments, non-governmental organizations and former intelligence and diplomatic officers, Shields said in the blog.
The central goal was intelligence collection in support of Russian strategic interests.
Recent targets, observed in January, March and April, include current and former advisers to Western governments and militaries, as well as journalists, think tanks and NGOs, and unnamed individuals connected to Ukraine, according to the blog.
The Russian embassy in Washington did not immediately respond to a request for comment.
Past high-profile campaigns have included targeting three nuclear research laboratories in the US in the summer of 2022, and the publishing of the private emails of former British spymaster Richard Dearlove, alongside pro-Brexit individuals, in an operation revealed in May 2022.
