COLDRIVER Expands Beyond Phishing, Incorporating Custom SPICA Backdoor
Summary:
The Russia-associated threat actor known as COLDRIVER or Star Blizzard has expanded its tactics beyond credential harvesting. The group has initiated campaigns that use PDFs as lure documents to distribute malware. Notably, COLDRIVER has introduced its first custom malware, the SPICA backdoor, written in the Rust programming language.
Threat Level – Red | Attack Report