Russian Hacking Group ColdRiver Delivers New SPICA Backdoor Via Fake-Encrypted PDFs
Hackers stole $7.5m in HHS grant money, FTC bars data broker from selling precise location data, Stablecoins account for most illicit crypto transactions, Blockchain network hit with DDoS, much more
Nota bene: While Metacurity explores switching to alternative newsletter platforms, please know that whatever we do, you can always reach Metacurity at https://metacurity.com.
Researchers at Google’s Threat Analysis Group (TAG) say that a notorious hacking group with likely close ties to the Russian state, tracked as ColdRiver and also known as Callisto Group and Star Blizzard, is evolving its tactics beyond phishing and now targets victims with new data-stealing malware, increasing the disruption it can cause. Its victims are predominantly targets in Ukraine and its NATO allies, academic institutions, and non-governmental organizations.
TAG researchers say that ColdRiver has continued to shift beyond its usual tactic of phishing for credentials to delivering malware via campaigns using PDF documents as lures. These PDF documents, which TAG said ColdRiver has delivered to targets since November 2022, masquerade as an opinion-editorial piece or another type of article that the spo…