Cybersecurity researchers have uncovered a sophisticated malware campaign attributed to the Russian threat actor COLDRIVER, also known as Star Blizzard or Callisto. The newly identified malware, dubbed LOSTKEYS, has been observed targeting diplomatic institutions, defense contractors, and critical infrastructure organizations across Europe and North America since early 2025. Initial analysis indicates the malware is designed specifically for data exfiltration operations, with a focus on credentials, sensitive documents, and communications.

LOSTKEYS primarily propagates through spear-phishing emails containing malicious document attachments that exploit previously undisclosed vulnerabilities in popular office productivity software. When the victim opens the attachment, a multi-stage infection process begins silently in the background, establishing persistence while evading detection by conventional security solutions. The malware’s stealthy nature means many victims remain unaware of its presence for extended periods, allowing the attackers to maintain persistent access and continuously harvest valuable data.

Google Threat Intelligence researchers identified the campaign after observing unusual data transfer patterns from several high-profile organizations. Their analysis revealed the malware’s sophisticated obfuscation techniques and command-and-control infrastructure, which leverages compromised legitimate websites as proxies to mask its true origin and complicate attribution efforts. The impact of LOSTKEYS infections has been substantial, with affected organizations reporting significant intellectual property theft and unauthorized access to sensitive communications. Security agencies across multiple countries have issued alerts warning potential targets about this evolving threat.

The malware’s infection chain begins with a weaponized document containing obfuscated VBA macros. The malware then performs environment checks to identify security tools, executing evasive maneuvers when necessary. LOSTKEYS communicates with its command servers using encrypted channels that mimic legitimate HTTPS traffic, making detection through network monitoring extremely challenging. The malware’s modular architecture allows operators to deploy additional capabilities as needed, tailoring the attack to each specific target.

LOSTKEYS demonstrates COLDRIVER’s continued evolution in capabilities and tactics, representing a significant advancement over the group’s previous tools. The group’s targeting patterns align with Russian strategic intelligence priorities, further strengthening attribution confidence.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 08 May 2025 04:54:58 +0000