The PolySwarm Blog


COLDRIVER Updates Its Arsenal

Oct 31, 2025 2:15:39 PM / by The Hivemind posted in Threat Bulletin, Star Blizzard, AES-256-CBC encryption, COLDRIVER malware, Russian state-sponsored cyber threats, YESROBOT, ClickFix lure, malware infection chain, MAYBEROBOT, high-value target attacks, NOROBOT, cybersecurity defense


Verticals Targeted: NGOs, Policy Advisors, Dissidents
Regions Targeted: Not Specified
Related Families: LOSTKEYS, COLDCOPY, YESROBOT, MAYBEROBOT

Executive Summary

Industry researchers have identified new malware families, including NOROBOT, YESROBOT, and MAYBEROBOT, deployed by the Russian state-sponsored group COLDRIVER against high-value individuals: NGO staff, policy advisors, and dissidents. This rapid retooling, observed after the May 2025 disclosure of LOSTKEYS, shows COLDRIVER adapting its tooling to evade detection while continuing aggressive intelligence collection.


Star Blizzard’s LOSTKEYS Malware

May 19, 2025 1:20:19 PM / by The Hivemind posted in Russia, Threat Bulletin, Star Blizzard, LOSTKEYS


Verticals Targeted: NGOs, Diplomats, Government  
Regions Targeted: Western countries, Eastern Europe, Ukraine  
Related Families: Spica

Executive Summary

Star Blizzard, a Russian state-sponsored threat actor, has deployed a malware family named LOSTKEYS to steal sensitive documents and system information from NGOs, diplomats, and government officials in Western countries and Eastern Europe.

