Google TAG: Kremlin cyber spies move into malware with a custom backdoor

Russian cyberspies linked to the Kremlin's Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group. TAG tracks this crew as COLDRIVER, while other …

  1. Omnipresent Bronze badge

    Want to know why?

    Want to know why you feel like you are living in a sim? Russia, N. Korea, China, and Iran have been at war with the world since 2016 when they got the Orange Florida terrorist installed through social media.

    1. Anonymous Coward

      Re: Want to know why?

      No – that’s a hallucination. You need to see a mental health professional immediately.

  2. Dinanziame Silver badge
    Facepalm

    The victim, we're told, can't open the benign PDF, which appears to be encrypted. It's not, but this usually prompts a return email from the victim saying they can't open the doc. Then the phony email account responds with a link to a "decryption" utility that is actually the SPICA backdoor.

    Oh come on

    1. Omnipresent Bronze badge

      You think this is the only way it's being used? How many official "fed ex" and delivery service emails did you get over the holiday with links to follow your package? I once plugged in my iPhone to back up to a Mac, and the Mac told me to download a utility for an older phone first... it was a Mac, so I just clicked without thinking..... The truth is people are being attacked all the time, and the attackers are out on social, and other platforms (game chats etc) telling people "not to worry, they are not the target", and people are so reliant on the machine they have to believe it. The truth is the people are very much the targets, and the bad guys have data based everything they are by now.... right down to mapping out their houses. They have profiled you in ways you didn't know existed. You are being attacked from every angle all the time. By ad agencies, tech firms, socials, AI, foreign actors..... anything that has an interest in profiling you, has you.

  3. Anonymous Coward

    Kremlin cyber spies .. oh scary ö

    What are GCHQM and the NSA doing to justify their vast budget? /s
