To be (a robot) or not to be: new malware attributed to Russia state-sponsored COLDRIVER

Intel Name: To be (a robot) or not to be: new malware attributed to Russia state-sponsored COLDRIVER

Date of Scan: October 22, 2025

Impact: High

Summary:
After the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto) quickly adapted, launching new malware families within just five days. The new malware, more aggressive than previous campaigns, is part of a rapidly evolving collection of related malware families connected through a delivery chain. This shift in tactics demonstrates an accelerated development and operational pace by COLDRIVER, which has not used LOSTKEYS since its public disclosure.
