
Google TAG: Kremlin cyber spies move into malware with a custom backdoor

January 18, 2024

Russian cyberspies linked to the Kremlin’s Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google’s Threat Analysis Group.

TAG tracks this crew as COLDRIVER, while other threat hunters call the government-backed gang Star Blizzard, UNC4057 and Callisto. The gang has been active since at least 2019, and has historically targeted academia, the military, governmental orgs, NGOs, think tanks, and politicians in the US, the UK and other NATO countries.

Read More on The Register