LOSTKEYS, Google says the crew spun up a fresh “ROBOT” chain (NOROBOT → YESROBOT → MAYBEROBOT). Then came ClickFix-style shenanigans, and—because email got boring—linked-device hijacks on WhatsApp and interest in Signal.
Net: cheap retooling + high pressure = 75% odds we see a new family or new initial-access vector inside 12 months.
Where’s your line between “new” and “reskin”—new C2 protocol, loader language shift, or distinct backdoor flow? Pick your signals now.
Read the forecast → https://blog.alphahunt.io/coldrivers-next-move
#AlphaHunt #ThreatIntel #COLDRIVER #StarBlizzard #CyberSecurity