October 4, 2024 at 10:18AM Microsoft and the U.S. DoJ announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors engaged in cybercrime. The threat actor, known as COLDRIVER and affiliated with the Russian Federal Security Service, targeted U.S. government, NGOs, and think tanks through spear-phishing campaigns. Microsoft also filed a civil … Read more
September 9, 2024 at 09:51AM A pro-democracy NGO in Russia, the Free Russia Foundation, suspects Kremlin-linked group COLDRIVER behind a recent hack that leaked files. Citizen Lab’s report highlighted personalized phishing attacks on non-profits in Russia and Belarus, suggesting COLDRIVER’s involvement. The attacks aim to steal sensitive information and may lead to repression of pro-democracy … Read more
August 14, 2024 at 02:52PM Russia’s FSB cyberspies and a new group conducted a phishing campaign targeting US and European entities, including opposition figures, media outlets, and defense-industrial targets. Named “River of Phish,” the campaign aimed to steal user credentials and influence Western elections. The attackers impersonated colleagues and used encrypted PDFs to trick victims … Read more
January 18, 2024 at 11:03AM COLDRIVER, a Russia-linked threat actor, has evolved its tactics to include creating and using its first custom malware in the Rust programming language. The group leverages PDF decoy documents in spear-phishing campaigns, targeting organizations in various sectors. Google TAG has observed the actor’s use of benign PDFs to deliver a … Read more
January 18, 2024 at 11:03AM Google’s Threat Analysis Group (TAG) has uncovered a Russian-backed hacking group, ColdRiver, spreading previously unknown backdoor malware through fake PDF decryption tools. The malware, named Spica, allows attackers to establish control over compromised devices and steal sensitive information. Google has taken action to protect users and has linked ColdRiver to … Read more
January 18, 2024 at 09:12AM Google has warned about the Russian threat group ColdRiver known for phishing attacks and developing custom malware. Tracked as Star Blizzard, Callisto Group, and others, the group is linked to Russia’s FSB. US and UK governments have issued warnings and sanctions. Google discovered the Spica backdoor malware used for cyberespionage … Read more
January 18, 2024 at 09:05AM Russian cyberspies, associated with the FSB, have developed a custom backdoor called SPICA, targeting academia, military, governmental orgs, NGOs, think tanks, and politicians in the US, the UK, and other NATO countries. They have recently escalated their attacks against Ukraine’s military and other Eastern European nations. The group employs sophisticated … Read more
December 7, 2023 at 10:06AM The COLDRIVER threat actor, tracked as Star Blizzard by Microsoft and linked to Russia’s FSB, has been targeting entities aligned with Russian interests using advanced credential theft and evasion techniques. They use impersonating domains, email campaigns, and server-side scripts for phishing while avoiding detection. Recently, the U.K. sanctioned two of … Read more