Google has uncovered a dangerous new type of malware, calling it “LOSTKEYS.” This malicious software has been connected to a well-known hacking group called Cold River, which is believed to be operating from Russia. According to Google’s own experts, this malware can sneak into computers, steal important files, and secretly send system details back to the attackers.
The tech giant shared this news through its Google Threat Intelligence Group. One of its researchers, Wesley Shields, explained that LOSTKEYS represents a serious new weapon in the hackers’ collection of tools. It’s more advanced than what they’ve used before and is designed to help them gather secret information without being noticed.
Cold River is already infamous for hacking into the accounts of important people. Their targets have included government officials, military advisers, and even groups that work to make the world a better place, like charities and think tanks. Google’s latest findings show that this group is becoming even more aggressive and capable.
Targets Include Advisers, Journalists, and NGOs
In its recent attacks, Cold River has not gone after everyday people but has instead focused on high-profile individuals and organizations. Google noticed fresh attacks during January, March, and April of 2025. The victims included current and former advisers to Western governments and military groups. Journalists, think tanks, and non-governmental organizations (NGOs) were also on the hit list.
Even individuals connected to Ukraine have been targeted, making this not just a case of random hacking but one with serious political and strategic goals. According to Google, the group’s main mission is to collect secret information that supports Russian interests on the global stage.
Cold River’s actions are not new. In the past, they have been linked to campaigns where they stole emails and sensitive data. Their activities have caused serious concern among security agencies worldwide, and this latest discovery only adds to the growing list of cyberattacks connected to them.
A History of Bold and Harmful Attacks
Cold River has been involved in some of the most high-profile hacking cases in recent years. Back in the summer of 2022, they were caught trying to break into three U.S. nuclear research labs. This was a bold move that showed just how far they are willing to go. The same year, they leaked private emails from important figures, causing political waves and public scandals.
Google’s experts say that LOSTKEYS marks a new step forward in the group’s hacking abilities. Unlike earlier malware, which mostly tried to steal login details, LOSTKEYS can dig deeper. It can search a computer for files, grab them without permission, and send them back to the hackers — all without the computer’s owner knowing what’s happening.
When asked about these claims, the Russian embassy in Washington did not provide any comment. Meanwhile, cybersecurity teams around the world are now on high alert, trying to protect their systems from this new threat.
Google’s discovery is a stark reminder that cyberattacks are not going away anytime soon. With groups like Cold River constantly developing new malware like LOSTKEYS, the battle to keep personal and national information safe continues to grow more challenging.