A new malware called LOSTKEYS, capable of stealing files and system data, has been identified by Google’s Threat Intelligence Group (GTIG) as part of a series of cyberattacks attributed to COLDRIVER, a threat actor linked to the Russian government. The malware, observed in attacks during January, March, and April 2025, marks a new step in COLDRIVER’s evolving capabilities. Previously known primarily for credential phishing targeting Western diplomats, NGOs, and intelligence personnel, the gr
