Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Google Threat Intelligence Group has identified a malware family called LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER. Observed since December 2023, LOSTKEYS marks an evolution of COLDRIVER's toolkit and is used against high-value targets such as NATO governments, NGOs, and former intelligence officers. The malware exfiltrates specific files, harvests system information, and is aimed at individuals linked to Ukraine or Western governments. COLDRIVER's primary goal appears to be intelligence collection aligned with Russia's interests. The infection chain is a multi-stage process that begins with a fake CAPTCHA and employs various evasion tactics. Google has implemented countermeasures and recommends enhanced security measures for users.
OPENCTI LABELS:
powershell,ukraine,nato,captcha,multi-stage infection,ngo,lostkeys,intelligence collection,russian hackers,western governments