Here comes more ClickFix stuff

I know that I haven’t blogged here in quite a long time, but I did spot this yesterday.

The group seems to be a new one, although part of the same Russian FSB group.

This time, the group is called ColdRiver.

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.

Also known as ColdRiver, UNC4057, and Callisto, the Star Blizzard threat group abandoned the LostKeys malware less than a week after researchers published their analysis and leveraged the *Robot malicious tools “more aggressively” than in any of its previous campaigns.

It's interesting that this is using the “I am not a robot” facility to get their wares onto the machine.

Should we not be surprised by the following paragraph? It says:

In a report in May, the Google Threat Intelligence Group (GTIG) said that it observed the LostKeys malware being leveraged in attacks on Western governments, journalists, think tanks, and non-governmental organizations.

To add insult to injury, the article says:

After publicly disclosing the LostKeys malware, GTIG researchers say that ColdRiver completely abandoned it and started to deploy new malicious tools, tracked as NOROBOT, YESROBOT, and MAYBEROBOT, in operations just five days later.

So now we’ve got three different bots, and they’re all not going to be good bots. The article goes into detail on this, and if you’ve not seen it, you should read it.

The full article is titled “Russian hackers evolve malware pushed in ‘I am not a robot’ captchas”, so go check it out if this interests you.


Discover more from The Technology blog and podcast