Friday, May 9, 2025

Russian Hackers Target Diplomatic, Defense, and Critical Infrastructure with LOSTKEYS Malware

by Charline

Cybersecurity experts have uncovered a new malware campaign linked to the Russian hacker group COLDRIVER, also known as Star Blizzard or Callisto. The malware, named LOSTKEYS, has been actively targeting diplomatic institutions, defense contractors, and critical infrastructure organizations across Europe and North America since early 2025.

LOSTKEYS is designed to steal sensitive data, focusing on credentials, confidential documents, and communications. The malware spreads primarily through spear-phishing emails containing malicious attachments. These emails appear legitimate, often pretending to be from trusted partners or government agencies. The attachments exploit previously unknown vulnerabilities in widely used office software.

Once a victim opens the attachment, a multi-stage infection begins in the background. This process ensures the malware remains persistent and undetected by standard security systems.

The campaign was discovered by Google Threat Intelligence researchers, who noticed unusual data transfers from several high-profile organizations. Their investigation revealed sophisticated obfuscation methods and a command-and-control network that uses compromised legitimate websites as proxies to hide the true origin of the attack.

The impact of LOSTKEYS has been severe, with many affected organizations reporting theft of intellectual property and unauthorized access to private communications. The malware’s stealthy design means many victims remain unaware of the breach for extended periods, allowing hackers to maintain ongoing access and continue stealing sensitive information.

Security agencies in multiple countries have issued warnings about the threat. The LOSTKEYS campaign marks a significant evolution in COLDRIVER’s hacking tactics and capabilities, with their targets closely aligned with Russian intelligence interests. This raises confidence in attributing the attack to the group.
