Google says Russian espionage crew behind new malware campaign
Google researchers say they have evidence that a notorious Russian-linked hacking group — tracked as ‘Cold River’ — is evolving its tactics beyond phishing to target victims with data-stealing malware.
Cold River, also known as ‘Callisto Group’ and ‘Star Blizzard,’ is known for conducting long-running espionage campaigns against NATO countries, particularly the United States and the United Kingdom.
Researchers believe the group’s activities, which typically target high-profile individuals and organizations involved in international affairs and defense, suggest close ties to the Russian state. U.S. prosecutors in December indicted two Russian nationals linked to the group.
Google’s Threat Analysis Group (TAG) said in new research this week that it has observed Cold River ramping up its activity in recent months and using new tactics capable of causing more disruption to its victims, predominantly targets in Ukraine and its NATO allies, academic institutions and non-government organizations.
These latest findings come soon after Microsoft researchers reported that the Russia-aligned hacking group had improved its ability to evade detection.
The lure PDF documents, which TAG said Cold River has delivered to targets since November 2022, are sent from a spoofed account and masquerade as an opinion-editorial piece or another type of article on which that account is looking to solicit feedback.
When the victim opens the benign PDF, the text appears as if it is encrypted. If the target responds that they cannot read the document, the hacker will send a link to a ‘decryption’ utility, which Google researchers say is a custom backdoor tracked as ‘SPICA.’ This backdoor, which Google says is the first custom malware to be developed and used by Cold River, gives the attackers persistent access to the victim’s machine to execute commands, steal browser cookies, and exfiltrate documents.
Google says that on discovery of the Cold River malware campaign, the technology giant added all of the identified websites, domains, and files to its Safe Browsing service to block the campaign from further targeting Google users.
Google researchers previously linked the Cold River group to a hack-and-leak operation that saw a trove of emails and documents stolen and leaked from high-level Brexit proponents, including Sir Richard Dearlove, the former head of the U.K. foreign intelligence service MI6.
Reference: https://techcrunch.com/2024/01/18/google-cold-river-russia-espionage-malware/