Google Uncovers 'LOSTKEYS' Malware Linked to Russian Hacking Group Cold River
May 7, 2025 — Alphabet’s Google has disclosed a new malware strain dubbed "LOSTKEYS", attributed to the Russian-linked hacking group Cold River. The malware, which steals files from the victim's machine and sends system information back to the attackers, marks a notable step up in the group's capabilities, according to Google’s Threat Intelligence Group.
“LOSTKEYS marks a new development in the toolset of Cold River,” said Wesley Shields, a researcher at Google's cybersecurity division.
A New Phase in Russian Cyber Espionage
Cold River, a group long associated with Russia’s Federal Security Service (FSB), has been active in numerous high-stakes cyber operations. Known for targeting high-profile individuals and institutions across NATO-aligned countries, the group primarily focuses on credential theft and data exfiltration in pursuit of geopolitical intelligence.
According to Google’s report, Cold River’s recent operations between January and April 2025 targeted a wide range of entities, including:
- Advisers to Western governments and military officials (both current and former)
- Journalists and researchers
- Non-governmental organizations and think tanks
- Individuals with ties to Ukraine
A History of High-Impact Attacks
This isn’t the group’s first headline-grabbing move. In 2022 Cold River targeted three U.S. nuclear research laboratories, and later that year it was linked to the leak of private emails belonging to former British intelligence chief Richard Dearlove and other pro-Brexit figures. These campaigns demonstrated the group’s strategic focus on intelligence gathering that aligns with Russian state interests.
While the Russian embassy in Washington has yet to comment on the latest findings, the report underscores the ongoing threat posed by well-resourced state-linked hacking groups.
Why It Matters
The identification of LOSTKEYS is a stark reminder that state-backed espionage groups keep refreshing their tooling and techniques. As Cold River continues to sharpen its capabilities, institutions across the public and private sectors are being urged to strengthen their defenses against credential theft and data exfiltration.