
Google has identified a new malware strain called LOSTKEYS, which is reportedly connected to Cold River, a Russian-backed hacker group with ties to the nation’s Federal Security Service (FSB). This development marks a significant escalation in the group’s cyber arsenal. According to Google’s Threat Intelligence Group (GTIG), the malware is capable of extracting sensitive files and sending system data to its operators.
This discovery was shared in a blog post by GTIG on Wednesday, and it emphasizes how Cold River continues to evolve. Wesley Shields, a GTIG researcher, noted that LOSTKEYS signals a “new development in the toolset” of the group. Cold River has previously concentrated on high-profile targets; this malware points to a broader and more dangerous capability.
Cold River’s Expanding Reach
Cold River has a track record of targeting strategic individuals and institutions. Between January and April 2025, Google observed that the group focused its attacks on current and former advisers to Western governments and military bodies. Additionally, it went after journalists, NGOs, international think tanks, and individuals with connections to Ukraine. These actions suggest Cold River’s ongoing mission: gathering intelligence that supports Russia’s geopolitical goals.
Although the Russian embassy in Washington has not responded to the allegations, the group’s previous actions speak volumes. In 2022, Cold River was linked to cyberattacks on three nuclear research facilities in the U.S. That same year, the group allegedly leaked emails belonging to former British intelligence head Sir Richard Dearlove and other pro-Brexit figures.
Growing Global Cybersecurity Risks
Cybersecurity experts warn that LOSTKEYS represents an alarming trend in state-sponsored hacking. While similar tools have surfaced in the past, LOSTKEYS combines data theft with stealthy system tracking, making it particularly dangerous. Google has issued a public advisory urging at-risk organisations to stay alert and strengthen their security controls.
Given the growth of cyber warfare techniques, institutions and individuals must prioritise security. As cyber threats grow more complex, the risks extend beyond data loss to geopolitical destabilisation.