Callisto Group

Threat Actor updated a month ago (2024-10-17T12:01:12.945Z)

Download STIX

Preview STIX

The Callisto Group, also known as 'Star Blizzard', 'SEABORGIUM', and 'COLDRIVER', is a threat actor linked to Russia's Federal Security Service (FSB), Center 18. This group has been involved in sophisticated spear-phishing campaigns aimed at unauthorized access and information theft from protected computers. Their targets have included U.S.-based companies, former and current employees of the U.S. Intelligence Community, Department of Defense, Department of State, military defense contractors, and Department of Energy staff. Among its members are Andrey Stanislavovich KORINETS, AKA Alexey DOGUZHIEV, and Ruslan Aleksandrovich PERETYATKO, a Russian FSB intelligence officer. In December 2023, the UK National Cyber Security Centre (NCSC) and Microsoft reported that the Callisto Group was targeting organizations worldwide. The U.S. Justice Department revealed the unsealing of a warrant to seize 41 domains used by this group for computer fraud in the United States. These domains were part of an ongoing spear-phishing campaign with the goal of gaining unauthorized access to, and stealing valuable information from, the computers and email accounts of U.S. government and other victims. In response to these threats, both Microsoft and the U.S. Department of Justice (DoJ) took significant action against the Callisto Group. Microsoft filed a civil action to seize 66 internet domains used by the group, while the U.S. DoJ seized over 100 domains used for launching attacks on U.S. government and nonprofits. These moves represent a concerted effort by international cybersecurity entities to counteract the malicious activities of the Callisto Group.

Description last updated: 2024-10-17T11:46:33.555Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Seaborgium is a possible alias for Callisto Group. Seaborgium, also known by various names such as Star Blizzard, Callisto Group, COLDRIVER, and TAG-53, is a threat actor believed to be linked to Russia's Federal Security Service (FSB). The group has been active since at least 2015, targeting government officials, military personnel, journalists, an	6
COLDRIVER is a possible alias for Callisto Group. Coldriver, also known as Star Blizzard, Callisto, and Seaborgium, is a Russia-based cyber-espionage group believed to be backed by the Federal Security Service (FSB). This threat actor has been active since at least 2015, targeting government officials, military personnel, journalists, think tanks,	5
Star Blizzard is a possible alias for Callisto Group. Star Blizzard, a threat actor group with ties to Russia's FSB, has been conducting sophisticated spear-phishing campaigns predominantly targeting Western think tanks, government officials, defense contractors, journalists, and nongovernmental organizations (NGOs). The group uses spear-phishing techn	5
Callisto is a possible alias for Callisto Group. Callisto, also known as Star Blizzard, COLDRIVER, TAG-53, and BlueCharlie, is a threat actor group likely based in Russia that has been linked to malicious cyber activities. The group is notorious for its sophisticated spear-phishing attacks targeting organizations and individuals in the UK and othe	4

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Blizzard

Phishing

Domains

Russia

Microsoft

Fsb

Government

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Callisto Group Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Flashpoint	a month ago	Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts
Securityaffairs	2 months ago	Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	2 months ago	Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group
BankInfoSecurity	2 months ago	US, Microsoft Seize Domains Used in Russian Spear-Phishing
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
CERT-EU	a year ago	U.S., Britain target 2 Russian hackers with sanctions, expose FSB-backed cyber conspiracy \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity	5 months ago	European Union Sanctions Russian State Hackers
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity	7 months ago	US Cyber Command Expanded 'Hunt Forward' Operations in 2023