
Google's Threat Intelligence Group Exposes COLDRIVER's Latest Cyber Weapon
In a report released on Wednesday, Google LLC's Threat Intelligence Group detailed a newly identified malware family it calls "LOSTKEYS." The malware is attributed to COLDRIVER, a Russian government-backed group best known for credential phishing against high-profile targets such as NATO governments, NGOs, and former intelligence officers; LOSTKEYS extends that activity from stealing credentials to stealing data from compromised machines.
How 'LOSTKEYS' Operates
Once deployed, the malware steals files matching a hard-coded list of directories and file extensions, collects system information and a list of running processes, and sends the results back to the attackers. Google observed it in use in January, March, and April of 2025, indicating a sustained campaign rather than a one-off deployment.
The Targets and Intentions Behind the Attacks
COLDRIVER's campaign has zeroed in on a broad spectrum of victims, from advisors to Western governments and militaries to journalists and think tanks, with a particular focus on individuals associated with Ukraine. Google's analysis suggests that the ultimate aim of these operations is to collect intelligence aligning with Moscow's strategic interests, underscoring the geopolitical dimensions of cyber warfare.