COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Russian government-backed threat group COLDRIVER has developed a new malware called LOSTKEYS, capable of stealing files and system information. The group targets high-profile individuals, NGOs, and former intelligence officers through credential phishing and malware delivery. LOSTKEYS is delivered through a multi-step infection chain, starting with a fake CAPTCHA and involving PowerShell commands. The malware evades detection in VMs and uses a substitution cipher for decoding. COLDRIVER's primary goal is intelligence collection for Russia's strategic interests, targeting Western governments, militaries, journalists, and Ukraine-related individuals. The group has been linked to hack-and-leak campaigns in the UK and against NGOs.
OPENCTI LABELS :
powershell,phishing,credential theft,clickfix,spica,document theft,lostkeys,ngos
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs