Callisto Group

Threat Actor updated 23 days ago (2024-11-29T14:08:21.055Z)
Download STIX
Preview STIX
The Callisto Group, also known as 'Star Blizzard', 'SEABORGIUM', and 'COLDRIVER', is a threat actor linked to Russia's Federal Security Service (FSB), Center 18. This group has been involved in sophisticated spear-phishing campaigns aimed at unauthorized access and information theft from protected computers. Their targets have included U.S.-based companies, former and current employees of the U.S. Intelligence Community, Department of Defense, Department of State, military defense contractors, and Department of Energy staff. Among its members are Andrey Stanislavovich KORINETS, AKA Alexey DOGUZHIEV, and Ruslan Aleksandrovich PERETYATKO, a Russian FSB intelligence officer. In December 2023, the UK National Cyber Security Centre (NCSC) and Microsoft reported that the Callisto Group was targeting organizations worldwide. The U.S. Justice Department revealed the unsealing of a warrant to seize 41 domains used by this group for computer fraud in the United States. These domains were part of an ongoing spear-phishing campaign with the goal of gaining unauthorized access to, and stealing valuable information from, the computers and email accounts of U.S. government and other victims. In response to these threats, both Microsoft and the U.S. Department of Justice (DoJ) took significant action against the Callisto Group. Microsoft filed a civil action to seize 66 internet domains used by the group, while the U.S. DoJ seized over 100 domains used for launching attacks on U.S. government and nonprofits. These moves represent a concerted effort by international cybersecurity entities to counteract the malicious activities of the Callisto Group.
Description last updated: 2024-10-17T11:46:33.555Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Seaborgium is a possible alias for Callisto Group. Seaborgium, also known by various names such as Star Blizzard, Callisto Group, COLDRIVER, and TAG-53, is a threat actor believed to be linked to Russia's Federal Security Service (FSB). The group has been active since at least 2015, targeting government officials, military personnel, journalists, an
6
COLDRIVER is a possible alias for Callisto Group. Coldriver, also known as Star Blizzard, Callisto, and Seaborgium, is a Russia-based cyber-espionage group believed to be backed by the Federal Security Service (FSB). This threat actor has been active since at least 2015, targeting government officials, military personnel, journalists, think tanks,
5
Star Blizzard is a possible alias for Callisto Group. Star Blizzard, a threat actor group with ties to Russia's FSB, has been conducting sophisticated spear-phishing campaigns predominantly targeting Western think tanks, government officials, defense contractors, journalists, and nongovernmental organizations (NGOs). The group uses spear-phishing techn
5
Callisto is a possible alias for Callisto Group. Callisto, also known as Star Blizzard, COLDRIVER, TAG-53, and BlueCharlie, is a threat actor group likely based in Russia that has been linked to malicious cyber activities. The group is notorious for its sophisticated spear-phishing attacks targeting organizations and individuals in the UK and othe
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Blizzard
Phishing
Domains
Russia
Microsoft
Fsb
Government
Apt
Uk
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Callisto Group Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Flashpoint
2 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
BankInfoSecurity
3 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
CERT-EU
a year ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
BankInfoSecurity
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
BankInfoSecurity
8 months ago