#coldriver
applesferablog · 1 month ago
Google Uncovers 'LostKeys': New Russian Malware
Google reveals 'LostKeys', a sophisticated Russian malware used by the COLDRIVER group, linked to the FSB, to spy on Western governments and organizations. Learn how it works. Cyber Alert: Google Identifies 'LostKeys', a Russian Espionage Tool. The world of digital security is on alert once again. Google has announced the discovery of "LostKeys", a new and stealthy…
govindhtech · 2 months ago
UNC4057 LOSTKEYS Malware Targets Western NGOs
UNC4057 LOSTKEYS
The Russian government-backed outfit COLDRIVER targets Western and non-governmental organisations with its latest spyware, LOSTKEYS.
The Russian government-backed threat organisation COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto) has stolen data from NGOs and Western targets using LOSTKEYS, a new virus. The Google Threat Intelligence Group (GTIG) has been tracking COLDRIVER for years, including its SPICA malware in 2024, and believes LOSTKEYS is a new tool.
COLDRIVER focusses on credential phishing targeting well-known targets. People at NGO or personal email addresses are generally targeted. They steal login passwords, emails, and contact lists after gaining access to a target's account. COLDRIVER may also access system files and infect devices with malware.
COLDRIVER has attacked journalists, think institutes, NGOs, and past and current Western government and military advisors. Plus, the gang has kept targeting Ukrainians. COLDRIVER's principal goal is to acquire intelligence for Russia's strategic goals. In several cases, the gang hacked and leaked NGO and UK official data.
January, March, and April 2025 saw the discovery of LOSTKEYS malware. The malicious application may take files from a hard-coded set of folders and extensions and transmit the attacker system details and active processes. COLDRIVER normally utilises credentials to access contacts and emails, although they have utilised SPICA to access target system documents. LOSTKEYS has a unique purpose and is utilised in certain scenarios.
The multi-step LOSTKEYS infection chain begins with a tempting website featuring a fake CAPTCHA. After the CAPTCHA is “verified,” the PowerShell code is transferred to the user's clipboard and the page invites them to execute it using Windows' “run” prompt. The “ClickFix” approach includes socially engineering targets to copy, paste, and run PowerShell scripts. Google Threat Intelligence Group said many APT and financially driven attackers use this method, which has been well documented.
PowerShell does the first stage's second step. In numerous instances, the IP address 165.227.148[.]68 provided this second step. The second step computes the display resolution MD5 hash and stops execution if it matches one of three specified values. This step may avoid virtual machine execution. The request must contain IDs unique to each observed instance of this chain to proceed. In every observation, the third stage comes from the same host as the previous phases.
Base64-encoded blobs decode into additional PowerShell in the third phase. This step requires retrieving and decoding the latest LOSTKEYS payload. It does this by downloading two additional files from the same host using different identities for each infection chain. The first-downloaded Visual Basic Script (VBS) file decodes the second file. Each infection chain is decoded with two keys. One unique key is in the decoder script, while stage 3 saves the second. The keys are used in a substitution cipher to decode the encoded data.
The final payload is LOSTKEYS VBS. File theft and system data collection are its purposes.
Two more LOSTKEYS samples dated December 2023 were uncovered during this behaviour investigation. These previous PE files posing as Maltego files change greatly from the execution chain starting in 2025. It is unclear if these December 2023 samples are related to COLDRIVER or if the malware was reused from another operation into January 2025. Exchanged Indicators of Compromise (IOCs) include binary hashes and C2 addresses like njala[.]dev and 80.66.88[.]67.
Google Threat Intelligence Group uses threat actor research like COLDRIVER to improve product security and safety to safeguard consumers. Once detected, hazardous websites, domains, and files are added to Safe Browsing to protect users. Government-backed attacker warnings alerted Gmail and Workspace users. Potential targets should enrol in Google's Advanced Protection Program, enable Chrome's Enhanced Safe Browsing, and update all devices.
Google shares its findings with the security community to raise awareness and help targeted companies and people. Sharing methods and approaches improves threat hunting and sector user protections. The original post comprises YARA rules and compromise indicators and is available as a Google Threat Intelligence collection and rule bundle.
scienza-magia · 1 year ago
Russian hackers' espionage operations are multiplying
Google reveals the new techniques of the Russian secret services. Hackers from Center 18, an FSB unit, have developed a system for breaking into the devices of targets in NATO countries and in Ukraine by sending compromised PDF files to victims. Here are the details of the operation. Russian hackers from Center 18, a unit of the Russian Federal Security Service (FSB) that has long been at the centre of Russia's cyber activities, are increasingly attempting to install backdoors on the devices of targets in NATO countries and in Ukraine. This emerges from new research by Google's Threat Analysis Group. According to the analysts, the tactics of the attackers, dubbed Coldriver, have evolved in recent months towards more sophisticated attempts involving the use of PDF files to induce victims to download backdoors onto their devices through the documents.
A Google spokesperson told Recorded Future News that the main targets are high-profile individuals in non-governmental organizations, former intelligence and military officials, and NATO governments. The Coldriver hackers typically approach victims by pretending to be experts in a field of study or members of organizations affiliated with the target of the operation. As in many other sophisticated espionage operations, they try to build a rapport with the victim in an attempt to convince them to open the documents. These are op-eds or articles that the attacker says they want to publish and on which they ask the victim for an opinion. And if the victim has any trouble opening the encrypted document, the hacker responds with a link, usually hosted on a cloud storage site, for decryption, which is in reality a custom backdoor that opens the victim's device wide to the attacker. The Spica malware is the first whose development and use has been attributed to Coldriver. It allows the hackers to steal cookies from Chrome, Firefox, Opera and Edge and to upload, download, enumerate and exfiltrate documents. It was first detected in September 2023, but researchers said they believe the malware has been in use since November 2022.
cyber-sec · 2 months ago
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
Source: https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html
More info: https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos
zerosecurity · 1 year ago
Russia's APT28 Cyber Espionage Group Targets Czechia, Germany Using Outlook Exploit
Czechia and Germany have exposed a long-running cyber espionage campaign conducted by the notorious Russia-linked APT28 hacking group, drawing harsh criticism from international organizations like the European Union (EU), the North Atlantic Treaty Organization (NATO), the United Kingdom, and the United States. The Czech Republic's Ministry of Foreign Affairs revealed that certain entities within the country were targeted using a critical Microsoft Outlook vulnerability (CVE-2023-23397), allowing Russian state-sponsored hackers to escalate privileges and potentially gain unauthorized access.
Germany Accuses APT28 of Targeting Social Democratic Party
Similarly, Germany's Federal Government attributed the APT28 threat actor, also known as Fancy Bear, Pawn Storm, and Sofacy, to a cyber attack aimed at the Executive Committee of the Social Democratic Party, exploiting the same Outlook flaw over a "relatively long period" to compromise numerous email accounts. The targeted industries spanned logistics, armaments, air and space, IT services, foundations, and associations located in Germany, Ukraine, and other European regions. Germany also implicated APT28 in the 2015 cyber attack on the German federal parliament (Bundestag).
Widespread Condemnation of Russia's Malicious Cyber Activities
NATO stated that Russia's hybrid actions "constitute a threat to Allied security," while the Council of the European Union condemned Russia's "continuous pattern of irresponsible behavior in cyberspace." The UK government described the recent APT28 activity, including targeting the German Social Democratic Party, as "the latest in a known pattern of behavior by the Russian Intelligence Services to undermine democratic processes across the globe." The US Department of State acknowledged APT28's history of engaging in "malicious, nefarious, destabilizing and disruptive behavior," and reiterated its commitment to upholding a "rules-based international order, including in cyberspace."
Disruption of APT28's Criminal Proxy Botnet
Earlier in February, a coordinated law enforcement action disrupted a botnet comprising hundreds of SOHO routers in the US and Germany believed to have been used by APT28 to conceal their malicious activities, such as exploiting CVE-2023-23397 against targets of interest. Cybersecurity researchers warn that Russian state-sponsored cyber threats, including data theft, destructive attacks, DDoS campaigns, and influence operations, pose severe risks to upcoming elections in regions like the US, UK, and EU, with multiple hacking groups like APT28, APT44 (Sandworm), COLDRIVER, and KillNet expected to be active.
Securing Critical Infrastructure from Pro-Russia Hacktivist Attacks
Government agencies from Canada, the UK, and the US have released a joint fact sheet to help critical infrastructure organizations secure against pro-Russia hacktivist attacks targeting industrial control systems (ICS) and operational technology (OT) systems since 2022, often exploiting publicly exposed internet connections and default passwords. The recommendations include hardening human-machine interfaces, limiting internet exposure of OT systems, using strong and unique passwords, and implementing multi-factor authentication for all access to the OT network.
kennak · 1 year ago
According to Google, the Russian-backed hacker group "ColdRiver" is pushing a previously unknown backdoor malware using a payload disguised as a PDF decryption tool. The attackers send what appear to be encrypted PDF documents through phishing emails that impersonate individuals connected to the target (this tactic was first observed in November 2022). When the recipient replies that they cannot read the "encrypted" document, they are sent a link to download what looks like a PDF decryption executable (named Proton-decrypter.exe) for displaying the contents of the decoy document. "COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted," Google TAG said. However, while this fake decryption software does display the decoy PDF document, it backdoors the victim's device using a malware strain that the security researchers at Google's Threat Analysis Group (TAG), who discovered the attack, have named Spica. Although the researchers were able to obtain only one sample during their investigation of this campaign, they believe there are likely multiple Spica samples matching the phishing lures, each containing a different decoy document.
Google: Russian FSB hackers deploy new Spica backdoor malware
ericvanderburg · 2 months ago
Russia-linked ColdRiver used LostKeys malware in recent attacks
http://i.securitythinkingcap.com/TKfk7d
bitcoinfunda · 2 months ago
COLDRIVER using new malware to steal from Western targets — Google
Threat group COLDRIVER is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks. According to the Google report, the new malware is installed through four steps. The process involves a “lure website” with a fake…
the-hacker-news · 10 months ago
Russian-Linked Hackers Target Eastern European NGOs and Media
The Hacker News: Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government. While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an
http://dlvr.it/TBy6Wd
Posted by: Mohit Kumar (Hacker)
insurgentepress · 1 year ago
Google warns of a shift in COLDRIVER's campaigns
Google's official blog (@Google) warns of a change in COLDRIVER's campaigns, in which a PDF is used as bait to install backdoors.
Agencies, Mexico City.- Google's Threat Analysis Group (TAG) has warned of a change in the behaviour of COLDRIVER, a Russian cyber-espionage group, since its 'phishing' campaigns against high-level actors are now joined by 'malware' distribution campaigns that use PDF files as bait. COLDRIVER, also known as UNC4057, Star Blizzard…
selia3 · 2 years ago
digitalcreationsllc · 2 years ago
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest.
OVERVIEW
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas…
govindhtech · 1 year ago
APT44, Cyber Espionage & More In NATO Cyber Threats
Emboldened and Evolving: NATO Cyber Threats snapshot
As NATO members and partners prepare for a landmark summit, the cyber threat must be considered. Empowered state-sponsored actors, hacktivists, and criminals are willing to cross lines and commit acts previously unthinkable to attack the Alliance. Besides military targets, NATO must address hybrid threats including APT44, Cyber Espionage & More harmful cyber activities against hospitals, civic society, and other targets, which could affect contingency resilience. The Ukraine crisis is linked to rising cyber risks, but many will grow separately and simultaneously.
NATO faces clandestine, aggressive cyber actors that gather intelligence, assault key infrastructure, and spread disinformation. Google is closely watching cyber threats, including those in this report, to safeguard its customers and businesses, but this is just a snapshot of a bigger and developing world.
What is Cyber espionage?
Cyber espionage is the act of stealing information without permission over the internet. It's the digital version of traditional espionage.
Cyber espionage
NATO’s enemies have long used Cyber Espionage to gain political, diplomatic, and military insight and acquire defence technologies and economic secrets. However, Alliance intelligence will be crucial in the coming months. This summit represents a transition time, with Mark Rutte as Secretary General and other changes planned to strengthen the Alliance’s defence posture and long-term support for Ukraine. Threat actor Cyber Espionage might weaken NATO’s strategic advantage and inform opponent leadership on how to oppose NATO’s investments and ambitions.
NATO faces global Cyber Espionage from various actors. Many still use simple but successful approaches like social engineering. Others have advanced their tradecraft to become formidable opponents for even the most skilled defenders.
APT29 (ICECAP)
APT29, attributed to the Russian Foreign Intelligence Services (SVR) by various governments, collects diplomatic and political intelligence on Europe and NATO member states. APT29 has committed several high-profile compromises of technology corporations that give public sector access. In the past year, Mandiant has seen APT29 target NATO member technology businesses and IT service providers to compromise government and policy organisations' third-party and software supply chains. The actor is skilled in cloud environments and adept at disguising their tracks, making them hard to detect, monitor, and expel from infiltrated networks.
In addition to spear-phishing NATO members, APT29 has traditionally targeted diplomatic bodies. The actor has breached European and U.S. executive authorities multiple times. They have also targeted political parties in Germany and the U.S. to gather intelligence on potential government policy.
Cyberespionage from China
Recently, Chinese Cyber Espionage has shifted from noisy, easily identifiable operations to stealth. Technical advances have made defending harder and helped NATO member states attack government, military, and commercial targets.
Chinese Cyber Espionage increasingly uses:
Targeting the network edge and exploiting zero-day vulnerabilities in security devices and other internet-facing network infrastructure to limit defence detection. These operators have lowered their risk of user or control identification by using less social engineering. These hackers exploited 12 zero-days (software or hardware vulnerabilities unknown to the vendor, with no patch or fix available, and can be exploited before they can be addressed) in 2023, several in network edge security products. These devices are suitable beachheads in hacked networks because they lack endpoint detection.
Hiding harmful communications via operational relay box (ORB) networks. Threat actors use proxies to mask their malicious traffic on the internet, but proxy tracking is easy. Large ephemeral ORB networks of shared and hacked proxies are used by actors. These networks are hard to trace and hinder infrastructure intelligence sharing for defenders.
Live off the land to avoid defence detection. Some actors utilise non-malware means to break in. Live-off-the-land tactics exploit legitimate system tools, features, and functionalities to traverse networks and commit crimes. Without malware detection and intelligence sharing, defenders are at a disadvantage.
Not just Chinese threat actors use these methods. Russian actors APT29, APT28, and APT44 have employed them.
Cyberattacks that disrupt and destroy
Cyberattacks are increasing, threatening NATO directly and indirectly. Iranian and Russian state actors have been eager to attack NATO countries in recent years, but they have concealed behind phoney fronts that take credit. Mandiant described a 2022 damaging attack on Albania by a purported hacktivist group called “HomeLand Justice” that the U.S. Government subsequently ascribed to Iranian actors.
While demonstrating their ability to launch complex strikes on extremely sensitive operational technology systems in Ukraine, state actors are compromising NATO countries’ key infrastructure for future disruptions. These actors have the means and motivation to disrupt NATO’s key infrastructure.
In addition to state cyberattacks, hacktivist and criminal disruptions are no longer ignorable. Global hacktivist resurgence has caused major attacks on the public and private sectors, making illegal activity a national security threat.
APT44 Sandworm, Frozenbarents
Highly advanced cyber threat outfit APT44, also known as Sandworm, is thought to be backed by Russian military intelligence.
Espionage, disruption, and disinformation efforts are APT44’s specialties. For over a decade, they’ve carried out disruptive malware attacks including BlackEnergy and Industroyer.
APT44 summary:
APT44 has targeted essential infrastructure, government agencies, and international sports organisations. Since the Russia conflict, Ukraine has been a top target.
Tactics: APT44 has many tools to achieve its goals. Supply chain attacks, phishing emails, and software flaws are examples. They may use wiper malware to delete data and disrupt operations.
The range of APT44’s capabilities makes it worrisome. APT44 conducts espionage, sabotage, and influence operations, unlike many APT groups.
The global devastating hack NotPetya, the Pyeongchang Olympic Games strikes, and the Ukraine outages have all been carried out by APT44. The Russian military intelligence-linked actor has carried out technically complicated interruptions of sensitive operational systems and broad-effect damaging strikes. APT44 has carried out most disruptive assaults in Ukraine and minor attacks in NATO nations since the war.
PRESSTEA (Prestige) ransomware was used against Polish and Ukrainian logistics companies by APT44 in October 2022. The malware was unbreakable and damaging, maybe to demonstrate the group’s ability to harm supply routes carrying lethal aid to Ukraine. APT44’s risk-taking in using a disruptive capacity against a NATO member country is evident in this operation.
Hacktivists
Geopolitical flashpoints like the Russian invasion of Ukraine have sparked a global hacktivism revival. Despite focusing on NATO members, these actors have had mixed results. Many surgeries are meant to draw attention and create a false sense of uneasiness but cause no lasting damage.
These actors cannot be disregarded despite their flaws. Their attacks draw media attention in target countries and sometimes have catastrophic effects. One of their preferred methods, distributed denial-of-service (DDOS) attacks, are cosmetic but might be used to greater effect during elections. Hacktivists like pro-Russian organisation Cyber Army Russia Reborn (CARR) are also testing larger strikes on key infrastructure. CARR, which has questionable ties to APT44, has affected U.S., Polish, and French water systems in a series of basic but aggressive acts.
Cybercriminals
Ransomware-related financial disruptions are already disrupting NATO states’ essential infrastructure, causing hospital patient care, energy, and government service failures. Many crooks target this crucial infrastructure despite their promises. Russian-speaking criminals and North Korean state actors seeking espionage funding have regularly attacked U.S. and European healthcare institutions. This threat will likely grow due to these actors’ ability to operate from states with low cyber crime enforcement or extradition agreements and the lucrative nature of ransomware operations.
Information Operations and Disinformation
Information operations have grown in cyber threat activities over the past decade as wars and geopolitical tensions have increased. These operations range from “troll farm” social media manipulation to intricate network intrusions. Russian and Belarusian information operations have targeted NATO member nations to weaken the Alliance’s cohesiveness and goals.
Some Cyber Espionage operators who acquire clandestine intelligence also conduct information operations. In hack-and-leak activities, APT28 and COLDRIVER have used stolen data, while UNC1151 has used infiltration capabilities in more complicated information operations. False and misleading information is used to influence public opinion, foment strife, and advance political goals.
Google vigorously counters these activities across products, teams, and geographies where they break our standards and disrupt overt and covert information operations campaigns. They report quarterly in the TAG Bulletin on YouTube channel disruptions, blogs, AdSense accounts, and URLs deleted from Google News surfaces.
Information Operations of Prigozhin Survive
Former Russian industrialist Yevgeniy Prigozhin’s disinformation empire continues, albeit less efficiently, after his death. These campaigns continue to spread disinformation and pro-Russia narratives on many social media platforms, recently emphasising alternative sites, across multiple regions.
These efforts advocate for NATO’s disarmament and claim it causes global instability. They criticise NATO leaders too. These commercials’ substance is heavily influenced by geopolitical events like Russia’s 2022 invasion of Ukraine and other Russian strategic aims. NATO and its member states’ backing for Ukraine has made the Alliance a major target directly and indirectly by becoming involved in matters against Russia’s strategic interests.
COLDRIVER
Russian Cyber Espionage actor COLDRIVER has been linked to the Federal Security Service. The actor often conducts credential phishing attempts against prominent NGOs and retired intelligence and military leaders. The hack-and-leak operation employed victim mailbox data stolen by COLDRIVER. In 2022, COLDRIVER leaked information to deepen Brexit-related political divides in the UK.
Before that, the actor revealed U.S.-UK trade deals before the 2019 UK election. Originally targeting NATO countries, COLDRIVER expanded in 2022 to include the Ukrainian government and conflict supporters. In March 2022, COLDRIVER campaigns targeted numerous European militaries and a NATO Centre of Excellence for the first time.
thxnews · 2 years ago
UK Exposes Russia's Covert Cyber Operations
The Russian Threat Unmasked
In a recent revelation, the UK Foreign Office has condemned Russia for its sustained and unsuccessful attempts at political interference in the UK and globally. This article delves into the highlights of this alarming disclosure, shedding light on the covert cyber operations conducted by the Russian Intelligence Services.
Centre 18 and Star Blizzard: Key Players in Espionage
The Foreign, Commonwealth, and Development Office has identified Centre 18, a unit within Russia's Federal Security Service (FSB), as the orchestrator of cyber espionage operations targeting the UK. At the forefront of these activities is Star Blizzard, a group closely associated with FSB Centre 18. The National Cyber Security Centre (NCSC) asserts that Star Blizzard is responsible for a series of cyber operations with the intent to interfere in UK politics and democratic processes.
Cyber Targets and Covert Operations
Targets and Tactics
The primary targets of these cyber operations include politicians, civil servants, journalists, NGOs, and other civil society organizations. The article explores the tactics employed by Star Blizzard, also known as Callisto Group, SEABORGIUM, or COLDRIVER, in their attempts to infiltrate high-profile individuals and entities through cyber means.
Notable Incidents
The UK government has exposed specific incidents orchestrated by the FSB through Star Blizzard. These include spear-phishing attacks on parliamentarians, the hack of UK-US trade documents in 2019, and the compromise of the Institute for Statecraft in 2018. The article provides insights into the implications of these incidents and their potential to undermine trust in politics in the UK.
Sanctions and Confronting the Threat
Action Against Perpetrators
In response to these cyber threats, the UK has taken decisive action. Two members of Star Blizzard, identified as Ruslan Aleksandrovich PERETYATKO and Andrey Stanislavovich KORINETS, have been sanctioned. The Foreign Office has also summoned the Russian Ambassador to express deep concern about Russia's sustained attempts to interfere in the UK's political and democratic processes.
Continuous Vigilance and Global Cooperation
Despite the unsuccessful nature of these interference attempts, the UK government emphasizes the need for continuous vigilance. Foreign Secretary David Cameron, Deputy Prime Minister Oliver Dowden, and Home Secretary James Cleverly collectively condemn Russia's attempts and pledge to work with global allies to expose covert cyber activities.
Looking Ahead: Defending Democracy in the Cyber Era
The Evolving Cyber Landscape
In a statement, Deputy Prime Minister Oliver Dowden warns of the persistent threat posed by state actors and sub-state hackers. He highlights the importance of raising defenses and taking proactive measures to counter attempts to undermine democracy in the digital realm.
A Whole-of-Society Approach
Home Secretary James Cleverly underscores the gravity of attacks on democratic institutions and asserts that the UK will not tolerate foreign interference. He outlines the National Security Act as a tool to create a tougher operating environment for those seeking to interfere in democratic institutions.
Global Patterns of Malign Cyber Activity
A Broader Context
The disclosed cyber-attacks are part of a broader pattern of malign cyber activity conducted by Russian Intelligence Services globally. The UK and its allies have previously exposed Russian involvement in various cyber incidents, including ViaSat and SolarWinds, and targeting Critical National Infrastructure.
Recognizing the Adversary - Star Blizzard and Beyond
The article concludes with a background on the cyber-attacks committed by the group, known by various names such as Star Blizzard, SEABORGIUM, Callisto Group, and more. It highlights the global context of cyber espionage and emphasizes the need for continued international cooperation to counter such threats.
Sources: THX News, Foreign, Commonwealth and Development Office, National Cyber Security Centre, National Crime Agency, The Rt Hon Lord Cameron, The Rt Hon James Cleverly MP, Leo Docherty MP, & The Rt Hon Oliver Dowden CBE MP.
cyber-sec · 1 year ago
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
Source: https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html
More info: https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/
maidenofthemountains · 5 years ago
Secret spot...