ADVERTISEMENT

Russian threat group ColdRiver launches new malware campaign, say researchers

The Russian threat group ColdRiver – backed by the Kremlin and known for targeting high-ranking Western officials – has added malware to its arsenal of hacking tools.

Unknown Russian hacker

Image by Shutterstock

Stefanie Schappert
Stefanie Schappert Senior Journalist
Jan 19, 2024 2 min read
ADVERTISEMENT

New SPICA malware campaign identified

  • Establish rapport with the target through a fake email account impersonating a likely colleague
  • Send PDF in an email asking target to review an op-ed document or article written by the fake person
  • When the user opens PDF, the text appears encrypted
  • If target writes back that they can not read the encrypted document, ColdRiver sends a fake link directing them to a “decryption utility” aka the backdoor malware dubbed SPICA.
Sample of ColdRiver lure PDF
Sample of a seemingly encrypted PDF sent to lure targets into eventually downloading ColdWater's own SPICA backdoor malware. Image by Google's Threat Analysis Group (TAG).
ADVERTISEMENT