New Developments in Cybersecurity Highlight Russian Malware Families Linked to COLDRIVER

By Tina Reynolds

This level of activity is unprecedented and represents a major uptick by COLDRIVER, a hacking group reportedly affiliated with the Russian government. As of May 2025, COLDRIVER has developed a new breed of malware. It is no longer the first version of this malware, and it operates at a much faster pace. The new malware, called YESROBOT, is causing a stir as the latest in a wide array of attacks tied to the “ROBOT” family. It follows a string of past intrusions, including the nefarious LOSTKEYS, that exfiltrate sensitive data.

Read on to learn how COLDRIVER’s illicit hacking activities have transformed dramatically over the years, as recent reports reveal. The group has just released its most recent variant, YESROBOT, which has so far been deployed only twice, both times in late May 2025 within a two-week span. Meanwhile, some details about LOSTKEYS became public. Taken together, these disclosures point to a worrisome pattern in the group’s pace and strategy.

The Evolution of COLDRIVER’s Malware

COLDRIVER’s malware families have undergone constant evolution. The group originally pared down its NOROBOT malware to increase deployment success rates. Complexity was soon reintroduced when the group went on to split its cryptographic keys in order to strengthen its security posture.

Cybersecurity analyst Wesley Shields went into more detail about this change. He stated, “NOROBOT and its preceding infection chain have been subject to constant evolution. Initially simplified to increase chances of successful deployment, before reintroducing complexity by splitting cryptography keys.”

This adaptive approach makes it harder for cybersecurity professionals to predict the group’s moves and to stop them. Today’s threat environment is a perfect storm of overlapping, interrelated malware families connected by a highly developed and efficient delivery chain.

Legal Actions and Suspects

These developments are particularly noteworthy as the Dutch Openbaar Ministerie (OM) recently spoke of taking ‘crucial steps’. Specifically, it disclosed that three 17-year-old males are suspected of providing ROBBERY services to a foreign country believed to be tied to COLDRIVER. One suspect reportedly stayed in touch with a Russian state-sponsored group of hackers during his time working for the government.

Two of the suspects were arrested on September 22, 2025. Authorities originally sought to place the third suspect under house arrest, citing his “limited role” in the case. This legal action indicates the increasing attention and aggressiveness with which law enforcement agencies treat bad actors as cyber threats proliferate.

The Dutch government body noted, “There are no indications yet that pressure has been exerted on the suspect who was in contact with the hacker group affiliated with the Russian government.” At a minimum, this statement indicates that investigations are still ongoing and that authorities are watching the situation closely.

Implications of Cyber Espionage

The impact of COLDRIVER’s malware development goes far beyond hacking attacks. According to the OM, the suspects gathered personal information and sold it to data-broker clients in exchange for payment. This data is not just consumer information; it can be used for digital espionage and cyber attacks.

“The information collected has been shared with the client by the former suspect for a fee and can be used for digital espionage and cyber attacks,” stated an OM representative. This disturbing disclosure should put everyone on notice about the troubling ways sensitive data can be misused, and it calls attention to the urgent need for increased scrutiny of cybersecurity practices.

Cybersecurity researchers are working around the clock to assess the implications of these recent changes. COLDRIVER has proven to be a major threat in the world of cyber warfare. The group’s ability to adapt and evolve its malware strategies presents ongoing challenges for security professionals tasked with defending against such sophisticated attacks.