SYMBOLCOMMON_NAMEaka. SYNONYMS

Callisto  (Back to overview)

aka: COLDRIVER, SEABORGIUM, TA446

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.


Associated Families

There are currently no families associated with this actor.


References
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-07-22SekoiaThreat & Detection Research Team
@online{team:20220722:calisto:c64f3a5, author = {Threat & Detection Research Team}, title = {{CALISTO continues its credential harvesting campaign}}, date = {2022-07-22}, organization = {Sekoia}, url = {https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign}, language = {English}, urldate = {2022-08-25} } CALISTO continues its credential harvesting campaign
Callisto
2022-07-19GoogleBilly Leonard
@online{leonard:20220719:continued:2a97da1, author = {Billy Leonard}, title = {{Continued cyber activity in Eastern Europe observed by TAG}}, date = {2022-07-19}, organization = {Google}, url = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag}, language = {English}, urldate = {2022-08-05} } Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-05-03GoogleBilly Leonard
@online{leonard:20220503:update:e2039f6, author = {Billy Leonard}, title = {{Update on cyber activity in Eastern Europe}}, date = {2022-05-03}, organization = {Google}, url = {https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe}, language = {English}, urldate = {2022-08-25} } Update on cyber activity in Eastern Europe
Callisto
2022-03-30GoogleBilly Leonard
@online{leonard:20220330:tracking:ff3709f, author = {Billy Leonard}, title = {{Tracking cyber activity in Eastern Europe}}, date = {2022-03-30}, organization = {Google}, url = {https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe}, language = {English}, urldate = {2022-05-08} } Tracking cyber activity in Eastern Europe
Callisto Curious Gorge
2017-04F-SecureF-Secure Labs
@techreport{labs:201704:callisto:5e97cb4, author = {F-Secure Labs}, title = {{CALLISTO GROUP}}, date = {2017-04}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/labs/whitepapers/Callisto_Group.pdf}, language = {English}, urldate = {2022-03-31} } CALLISTO GROUP
RCS Callisto

Credits: MISP Project