A newly identified malware tool linked to the notorious hacking group Cold River signals a significant evolution in the group’s capabilities, according to a recent blog post by Wesley Shields of Google’s Threat Intelligence Group.
Cold River, believed to be tied to Russia’s Federal Security Service (FSB), has a history of cyber-espionage campaigns targeting NATO-affiliated governments, NGOs, and former intelligence officials. The primary objective of these operations is to gather intelligence that supports Russian geopolitical interests, Shields noted.
Recent attacks tracked by Google in January, March, and April 2025 focused on individuals and organizations with connections to Western defense advisory roles, journalism, policy think tanks, and non-profits. Some of the targets were also linked to Ukraine, highlighting the group’s ongoing interest in the region amid continued geopolitical tensions.
Cold River’s previous campaigns have included 2022 intrusions into three U.S. nuclear research labs, as well as the leak of private emails belonging to former British intelligence chief Richard Dearlove and other pro-Brexit figures, an incident also disclosed in 2022.
The Russian embassy in Washington has not issued a response regarding the latest findings.
