Google uncovers new Russian spyware LostKeys linked to the FSB

11 May 2025, 08:11

Google uncovers Russian spyware LostKeys linked to FSB hacker group ColdRiver

Google has disclosed (via Android Headlines) the discovery of new Russian spyware named LostKeys, allegedly used by ColdRiver, a hacking group with ties to Russia’s FSB security service.

The spyware is designed to steal files and system data from Western organizations. According to Google’s Threat Intelligence Group (GTIG), LostKeys is deployed in specialized ClickFix attacks—social engineering campaigns that begin with a fake CAPTCHA page. Victims are tricked into running malicious PowerShell scripts, which pave the way for the download and execution of additional malware. LostKeys is then installed and acts like a “digital vacuum cleaner,” extracting files, directories, and system information. Hackers also use other tools such as SPICA to steal documents.

ColdRiver, also known as Star Blizzard or Callisto Group, has been active since 2017 and intensified its operations after Russia’s invasion of Ukraine. The group focuses on cyber-espionage, targeting government and defense institutions, think tanks, politicians, journalists, and NGOs.

The U.S. has imposed sanctions on some of the group’s members and offered a $10 million reward for information leading to their arrest.

Google experts emphasize the urgency of strengthening cybersecurity, particularly for organizations at risk of ColdRiver attacks. They recommend enabling Google’s Advanced Protection Program and keeping security systems fully updated to counter such threats.

 
Editorial Team

Sophia Martinez

World Affairs Correspondent
