In a recent announcement, Google, owned by Alphabet, revealed the discovery of a new malware named “LOSTKEYS” that has been linked to the Russian hacking group Cold River. This malicious software is capable of stealing files and transmitting system information to attackers. According to Wesley Shields, a researcher at Google Threat Intelligence Group, the emergence of this malware represents a significant advancement in Cold River’s arsenal. Known for targeting high-profile individuals such as those in NATO governments, non-governmental organizations, and former intelligence personnel, Cold River is believed to be affiliated with Russia’s Federal Security Service. The primary objective of these cyber attacks is to gather intelligence in support of Russian strategic interests. Recent victims, identified between January and April 2025, include advisers to Western governments and militaries, journalists, think tanks, NGOs, and individuals associated with Ukraine. Notably, Cold River has previously conducted operations like targeting U.S. nuclear research facilities in 2022 and disclosing private emails of former British intelligence chief Richard Dearlove in collaboration with pro-Brexit figures in May 2022. The Russian embassy in Washington has not provided any official response to these allegations.
