Google Ties LostKeys Spy Malware to Russia Hackers

Google has identified a new malware strain, dubbed LostKeys, being deployed by the Russian state-linked hacking group ColdRiver in a wave of cyberespionage attacks, according to a recent report. Since the start of the year, the group has used the malware to steal sensitive files from targets across Western governments, media organizations, think tanks, and non-governmental entities.

The campaign underscores a continued focus by Russian-backed cyber actors on intelligence gathering aimed at influencing or undermining institutions in the West. LostKeys enables attackers to exfiltrate data, suggesting a broader effort to access confidential information for strategic purposes.

ColdRiver, known for its persistent targeting of Western interests, appears to be leveraging the new malware as part of its evolving toolkit. The attacks reflect escalating tensions in cyberspace, where state-sponsored groups are increasingly turning to customized tools to breach high-value targets. Google’s findings add to growing concerns over cybersecurity threats from nation-state actors.