SYMBOLCOMMON_NAMEaka. SYNONYMS

Callisto  (Back to overview)

aka: COLDRIVER, SEABORGIUM, TA446, GOSSAMER BEAR

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.

Associated Families

There are currently no families associated with this actor.

References
2023-02-15GoogleGoogle Threat Analysis Group, Mandiant
@techreport{group:20230215:fog:0d99aaa, author = {Google Threat Analysis Group and Mandiant}, title = {{Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape}}, date = {2023-02-15}, institution = {Google}, url = {https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf}, language = {English}, urldate = {2023-03-13} } Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-07-22SekoiaThreat & Detection Research Team
@online{team:20220722:calisto:c64f3a5, author = {Threat & Detection Research Team}, title = {{CALISTO continues its credential harvesting campaign}}, date = {2022-07-22}, organization = {Sekoia}, url = {https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign}, language = {English}, urldate = {2022-08-25} } CALISTO continues its credential harvesting campaign
Callisto
2022-07-19GoogleBilly Leonard
@online{leonard:20220719:continued:2a97da1, author = {Billy Leonard}, title = {{Continued cyber activity in Eastern Europe observed by TAG}}, date = {2022-07-19}, organization = {Google}, url = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag}, language = {English}, urldate = {2022-08-05} } Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-05-03GoogleBilly Leonard
@online{leonard:20220503:update:e2039f6, author = {Billy Leonard}, title = {{Update on cyber activity in Eastern Europe}}, date = {2022-05-03}, organization = {Google}, url = {https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe}, language = {English}, urldate = {2022-08-25} } Update on cyber activity in Eastern Europe
Callisto
2022-03-30GoogleBilly Leonard
@online{leonard:20220330:tracking:ff3709f, author = {Billy Leonard}, title = {{Tracking cyber activity in Eastern Europe}}, date = {2022-03-30}, organization = {Google}, url = {https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe}, language = {English}, urldate = {2022-05-08} } Tracking cyber activity in Eastern Europe
Callisto Curious Gorge
2017-04F-SecureF-Secure Labs
@techreport{labs:201704:callisto:5e97cb4, author = {F-Secure Labs}, title = {{CALLISTO GROUP}}, date = {2017-04}, institution = {F-Secure}, url = {https://www.f-secure.com/content/dam/f-secure/en/labs/whitepapers/Callisto_Group.pdf}, language = {English}, urldate = {2022-03-31} } CALLISTO GROUP
RCS Callisto
Credits: MISP Project