A recently identified malware campaign signals a significant evolution in the capabilities of Cold River, according to cybersecurity expert Wesley Shields from Google’s Threat Intelligence Group. In a blog post, Shields noted that this fresh cyber tool represents a notable advancement in Cold River’s digital warfare tactics.
The hacking outfit, Cold River—commonly associated with Russia’s Federal Security Service (FSB)—has built a reputation for breaching the login credentials of prominent individuals. These have included personnel within NATO member states, ex-diplomats, intelligence officials, and global non-governmental organizations. The primary motive behind such operations is believed to be the collection of intelligence in line with Russia’s geopolitical goals.
In early 2025, Cold River’s operations zeroed in on a new set of targets. Among those affected were advisers currently or formerly affiliated with Western militaries and governments, journalists, NGOs, and individuals with ties to Ukraine. These attacks were identified in January, March, and April, as outlined in Shields’ report.
When approached for comment, the Russian embassy in Washington remained unresponsive.
Cold River has a history of headline-making breaches. In mid-2022, the group reportedly infiltrated three major U.S. nuclear research facilities. That same year, private emails belonging to former British intelligence chief Richard Dearlove and other pro-Brexit figures were leaked in a politically charged cyber incident.
This ongoing pattern of digital aggression reflects Cold River’s persistent role in cyber espionage aligned with Moscow’s interests.