Google Discovers New Malware Linked to Russian Hacking Group Cold River
Alphabet’s Google says it has identified a new piece of malware, dubbed "LOSTKEYS," that it attributes to the Russia-based hacking group Cold River. The malware is built to steal files and send system information back to its operators.
Wesley Shields, a researcher with Google’s Threat Intelligence Group, wrote in a blog post that LOSTKEYS marks a new development in Cold River’s toolset. The group, which has previously been linked to Russia’s Federal Security Service (FSB), is known for targeting high-profile individuals and organizations, including NATO governments, NGOs and former intelligence officers, to gather intelligence in support of Russian strategic goals.
Recent campaigns attributed to Cold River were observed between January and April 2025, targeting current and former Western government and military officials, journalists, think tanks, NGOs, and individuals with ties to Ukraine.
Notably, the group has a history of high-profile attacks, including the targeting of U.S. nuclear research labs in 2022 and the leak of private emails from former British intelligence chief Richard Dearlove and other pro-Brexit figures in May 2022.
The Russian embassy in Washington has yet to comment on the findings.