ColdRiver’s “I Am Not a Robot” Malware Distribution Ruse

In 2025, cybersecurity researchers uncovered a disturbing new campaign by the Russian state-aligned hacking group known as ColdRiver, also tracked as Star Blizzard and Callisto Group, that weaponized one of the internet’s most ubiquitous features: the “I am not a robot” CAPTCHA. In a clever twist, the group used this familiar verification prompt not to protect against bots, but to trick human targets into downloading malware. The operation marks a striking escalation in social engineering tactics and underlines how persistent, state-sponsored actors continue to refine their methods for psychological manipulation and technical deception.

A Familiar Prompt Turned Weapon

The campaign began circulating in mid-2025. ColdRiver distributed phishing emails containing malicious links that directed recipients to what appeared to be legitimate web pages. The pages mimicked the look of common login portals or file-sharing sites, presenting the user with a familiar reCAPTCHA-style box labeled “I am not a robot.”

Clicking this seemingly benign checkbox, however, triggered the download of a malicious ZIP archive. The file contained obfuscated Windows executables masquerading as PDFs or other business-related documents. Researchers classified this deception sequence as a “ClickFix” attack, a technique that at its core blends social engineering with technical misdirection designed to bypass user suspicion.
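The archive described above, executables dressed up as PDFs, is the kind of thing a mail gateway or download scanner can catch before a user ever sees a CAPTCHA. The following is an added example, not code from the article or from any ColdRiver sample: it builds a constructed ZIP in memory (the file names and contents are placeholders) and flags entries whose extension is executable, whose name stacks a document extension in front of an executable one, or whose first bytes carry a PE “MZ” header despite a document-style name.

```python
import io
import zipfile

# Constructed sample archive (not a real ColdRiver sample): one legitimate-looking PDF,
# one executable hiding behind a double extension, one executable carrying a plain
# .pdf name, and one harmless text file.
def build_sample_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Q3_report.pdf", b"%PDF-1.4\n%constructed placeholder body\n")
        zf.writestr("Invoice_2025.pdf.exe", b"MZ" + b"\x00" * 62 + b"constructed stub")
        zf.writestr("Briefing.pdf", b"MZ" + b"\x00" * 62 + b"constructed stub")
        zf.writestr("notes.txt", b"plain text\n")
    return buf.getvalue()

EXECUTABLE_EXTS = {".exe", ".scr", ".dll", ".com", ".bat", ".cmd",
                   ".js", ".vbs", ".hta", ".lnk", ".ps1"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def inspect_entry(name, head):
    """Return the reasons an archive entry looks like a masquerading executable."""
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]
    exts = ["." + p for p in base.split(".")[1:]]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("document extension followed by executable extension")
    # Extension says "document" but the content starts with a Windows PE header.
    if head.startswith(b"MZ") and (not exts or exts[-1] not in EXECUTABLE_EXTS):
        reasons.append("PE (MZ) header but non-executable name")
    return reasons

def scan_zip(data):
    """Map each suspicious entry name to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            reasons = inspect_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings

if __name__ == "__main__":
    for entry, why in scan_zip(build_sample_zip()).items():
        print(entry, "->", "; ".join(why))
```

Reading only the first two bytes of each member keeps the scan cheap even for large archives, and the magic-byte check is what catches the case Windows Explorer hides from users: a file whose displayed name ends in .pdf but whose content is a PE executable.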

What made the campaign especially effective was its use of visual familiarity. CAPTCHA interfaces are trusted elements of the modern web, so users are conditioned to interact with them automatically. By embedding the malware behind that action, ColdRiver exploited an everyday habit that transcends security awareness training.

Moreover, the attackers refined their delivery mechanisms to evade detection. Security analysts observed that the malicious pages were dynamically generated and hosted on compromised WordPress sites. The payloads were often short-lived, replaced or moved within hours to prevent defenders from obtaining stable samples. This operational discipline allowed ColdRiver to sustain the campaign for weeks before it was widely recognized.

The ClickFix Ecosystem

Researchers described the “ClickFix” campaign as part of a broader ColdRiver ecosystem involving multiple payloads and staged delivery. Once victims clicked the CAPTCHA and executed the payload, an initial dropper downloaded additional malware components from remote servers controlled by the attackers.

The campaign primarily targeted Western diplomatic, academic, and defense entities, consistent with ColdRiver’s long-standing geopolitical focus. Microsoft and Google both noted that the group’s phishing and malware campaigns have historically coincided with major political or military developments involving Russia and NATO.

In this instance, the use of the CAPTCHA decoy represented a new front in social engineering, blending behavioral psychology with technological mimicry. It demonstrated that ColdRiver continues to adapt, not only to circumvent security software, but also to undermine human vigilance.

NOROBOT, YESROBOT, and MAYBEROBOT

ColdRiver’s latest operations have revealed a new generation of custom malware families, collectively referred to by researchers as NOROBOT, YESROBOT, and MAYBEROBOT. These strains are believed to represent successive iterations of ColdRiver’s bespoke tools for espionage, credential theft, and persistence.

NOROBOT: The Entry Vector

The NOROBOT malware functions primarily as a loader, responsible for establishing an initial foothold on a victim’s machine. Distributed through the fake CAPTCHA pages, NOROBOT performs system reconnaissance immediately after execution, collecting basic information such as operating system version, domain membership, and user privileges.

It then communicates with ColdRiver’s command-and-control (C2) infrastructure via encrypted HTTPS requests, downloading secondary payloads on command. Analysts noted that NOROBOT’s codebase emphasizes stealth and survivability, featuring checks to ensure it is not running in a sandboxed or virtualized environment.

Crucially, NOROBOT’s network communication relies on domain generation algorithms (DGAs) that dynamically alter the C2 server addresses, complicating takedown efforts. This flexibility allows ColdRiver to maintain long-term access to compromised networks even after defenders block individual servers.
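Because a DGA produces names that look nothing like the domains users normally type, the defender’s counterpart is to score DNS query names for machine-generated traits rather than to blocklist individual servers. The following is an added example, not code from the article and not derived from NOROBOT: it runs a simple four-trait scorer (entropy, vowel ratio, digit count, consonant run length) over a constructed DNS query log and groups the hits by client, which is the view an analyst wants when hunting for the host that is beaconing.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log (not from the article). Format: "<timestamp> <client_ip> <qname>".
SAMPLE_DNS_LOG = """\
2025-06-12T09:14:02Z 10.0.3.21 www.microsoft.com
2025-06-12T09:14:05Z 10.0.3.21 login.live.com
2025-06-12T09:14:09Z 10.0.3.44 xk7q9fzt2bvw.net
2025-06-12T09:14:10Z 10.0.3.44 p0r3mz8hqjd1e.com
2025-06-12T09:14:12Z 10.0.3.21 docs.google.com
2025-06-12T09:14:15Z 10.0.3.44 v9t2wq4zlk6n.org
"""

VOWELS = set("aeiou")

def shannon_entropy(s):
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registrable_label(qname):
    # Simplification: take the label left of the final TLD. A production pipeline
    # would use the Public Suffix List so that "example.co.uk" yields "example".
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def max_consonant_run(label):
    run = best = 0
    for ch in label:
        if ch.isalnum() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def dga_score(label):
    """Count how many DGA-like traits a label shows (0..4)."""
    score = 0
    if len(label) >= 8 and shannon_entropy(label) >= 3.0:
        score += 1
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    if vowel_ratio < 0.2:
        score += 1
    if sum(c.isdigit() for c in label) >= 2:
        score += 1
    if max_consonant_run(label) >= 5:
        score += 1
    return score

def find_suspicious(log_text, threshold=2):
    """Return {client_ip: [qname, ...]} for queries whose label scores >= threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        if dga_score(registrable_label(qname)) >= threshold:
            hits[client].append(qname)
    return dict(hits)

if __name__ == "__main__":
    for client, names in find_suspicious(SAMPLE_DNS_LOG).items():
        print(client, "->", ", ".join(names))
```

Thresholds this simple will also fire on CDN and cloud hostnames, so in practice the score is one signal among several: pairing it with the NXDOMAIN rate per client is the usual next step, since a DGA implant queries many names that do not resolve before it finds the one the operator registered.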

YESROBOT: Credential Theft and Exfiltration

The second stage in the infection chain typically involves YESROBOT, a more feature-rich implant dedicated to data collection. Once deployed, YESROBOT searches for stored credentials in browsers, email clients, and VPN configurations. It can also capture clipboard data, take screenshots, and harvest authentication tokens used by cloud and collaboration platforms.

Unlike NOROBOT, which prioritizes stealth, YESROBOT prioritizes data exfiltration. Zscaler’s analysis found that it compresses stolen data into encrypted archives before transmitting them back to ColdRiver servers. Its communication pattern is designed to mimic legitimate HTTPS traffic, blending in with normal user activity.

YESROBOT also uses a modular design, allowing ColdRiver to update its capabilities remotely. For example, researchers observed plugins enabling key logging and lateral movement within corporate networks. These updates are signed and delivered through the same infrastructure as the initial infection, reinforcing the attackers’ operational cohesion.

MAYBEROBOT: Persistence and Command

The final member of the malware trio, MAYBEROBOT, acts as a persistent remote access tool (RAT). It allows ColdRiver operators to maintain long-term control over infected systems. MAYBEROBOT establishes persistence through registry modifications and scheduled tasks, ensuring it executes at startup even if other components are removed.

More worryingly, MAYBEROBOT supports interactive command execution, enabling attackers to run arbitrary commands, deploy additional payloads, or use the compromised device as a pivot point within a network. Google Cloud researchers compared it to earlier ColdRiver backdoors like Spica, noting that while its functionality overlaps, MAYBEROBOT introduces improved encryption, better evasion, and a smaller digital footprint.

This modular approach allows ColdRiver to adapt its operations in real time, swap components as needed, and adjust its campaigns to the security posture of its targets.

ColdRiver’s History of Espionage and Adaptation

To understand the significance of the CAPTCHA-based campaign, it is necessary to view it within the broader history of ColdRiver’s cyber operations. For over a decade, the group has served as one of Russia’s most active and adaptive espionage units, focusing on Western governments, think tanks, and policy institutions.

Origins and Early Operations

ColdRiver emerged around 2015, targeting European diplomats and military institutions through credential phishing and document lures. Its early operations relied heavily on social engineering emails impersonating journalists, academics, or government officials. These campaigns aimed to collect credentials for webmail and cloud platforms such as Gmail and Outlook.

By 2020, the group had refined its techniques into highly personalized spear-phishing campaigns, often using real-world events as bait. During that period, ColdRiver impersonated NATO research personnel and defense contractors to distribute malicious PDF attachments.

The group’s sophistication soon drew the attention of major security vendors and law enforcement. Both Microsoft and the U.S. Department of Justice (DOJ) have since taken coordinated actions to disrupt ColdRiver’s infrastructure. In one high-profile case, Microsoft and the DOJ seized a set of phishing domains that mimicked login portals for NATO and defense organizations. These takedowns temporarily crippled ColdRiver’s reach but failed to eliminate its presence entirely.

The NATO Connection and Star Blizzard

Microsoft’s 2023 investigation revealed that ColdRiver’s activities were linked to ongoing espionage efforts against NATO member states, as well as academic institutions involved in foreign policy research. The group was found targeting defense ministries, NGOs, and journalists focused on Eastern European affairs.

Western intelligence agencies have long associated ColdRiver, under its alias Star Blizzard, with Russia’s Federal Security Service (FSB). Later disclosures further confirmed that the group’s infrastructure overlapped with FSB-linked clusters and that it routinely aligned its operations with Russian geopolitical interests.

In addition to phishing and malware campaigns, ColdRiver was implicated in data leak operations intended to sow political discord. In one instance, the group hacked and leaked private emails belonging to high-profile Western officials, later amplifying the stolen content through sympathetic media outlets.

Spica and the Road to ClickFix

ColdRiver’s technical evolution has followed a clear trajectory. Earlier tools like Spica, discovered in late 2024, showcased the group’s growing proficiency with custom backdoors and cross-platform development. Spica featured advanced command execution capabilities and an innovative mechanism for obfuscating network traffic.

That campaign laid the groundwork for what evolved into the ClickFix operation. Analysts believe the transition from phishing attachments to CAPTCHA-based malware delivery was a natural extension of ColdRiver’s emphasis on psychological realism. Instead of convincing users to open a document, the group now tricks them into clicking a universally trusted web element.

The reuse of infrastructure and naming conventions across campaigns, along with similarities in code between Spica and the ROBOT malware family, further supports the conclusion that ColdRiver’s development is continuous, not fragmented. Each campaign builds on lessons learned from its predecessors.

Ongoing Resilience

Despite repeated takedowns by Microsoft, Google, and law enforcement agencies, ColdRiver continues to demonstrate remarkable resilience. Its operators have repeatedly rebuilt their infrastructure, registered new domains, and released updated tool sets to maintain operational continuity.

Their continued evolution from Spica to NOROBOT/YESROBOT/MAYBEROBOT highlights both technical capability and institutional backing. These campaigns are not opportunistic smash-and-grab operations, but long-term intelligence collection efforts serving strategic national objectives.

Industry experts emphasize that ColdRiver’s persistence underscores a broader challenge in the cybersecurity landscape: the adaptability of state-sponsored actors. Unlike financially motivated cybercriminals, nation-state groups are patient, well-resourced, and unrelenting. Each disruption forces them to innovate further, driving them toward more subtle, deceptive, and technically refined operations.

Conclusion

ColdRiver’s abuse of the “I am not a robot” CAPTCHA reflects a chilling trend in modern cyber operations: the weaponization of user trust. By transforming a symbol of online safety into a vector for infection, the group demonstrated how psychological familiarity can be just as dangerous as technical vulnerability.

The deployment of NOROBOT, YESROBOT, and MAYBEROBOT reveals an integrated malware ecosystem built for espionage, persistence, and adaptability. Each component fulfills a distinct role, reflecting the professionalism and long-term planning typical of state-sponsored threat actors.

Finally, the group’s decade-long history, marked by constant reinvention, proves that ColdRiver remains one of the most resilient and technically advanced Russian hacking units still active today. Whether posing as a harmless CAPTCHA or leveraging cutting-edge backdoors, ColdRiver’s operations exemplify the ongoing evolution of cyber warfare, where deception is not only a tactic but an art form.
