Callisto Group

Threat Actor Profile Updated 12 days ago
The Callisto Group, a threat actor identified as part of the Russian Federal Security Service, has been exposed by the United States and the United Kingdom for its malicious cyber activities. The group is also known as Coldriver and was formerly tracked by Microsoft under the moniker "Seaborgium." A threat actor can be a single person, a private company, or a government entity; in this case, the group is associated with the Russian government. The cybersecurity industry often uses unique naming conventions to identify these groups, although there are few standard practices in place.

The exposure of the Callisto Group's activities came after extensive investigations into its operations. Two officers were found to be engaged in sophisticated hacking efforts, compromising security systems and infringing on digital privacy on a large scale. Their activities have raised significant concerns about cybersecurity and the potential for state-sponsored cyber attacks.

In response to the revelations about the Callisto Group, the US and UK governments have imposed sanctions on the group's members. The sanctions are intended to deter further malicious cyber activity, hold those responsible accountable, and signal to other potential threat actors the consequences of engaging in similar activities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Seaborgium | 4 | Seaborgium, also known as Star Blizzard, Callisto Group, COLDRIVER, and TAG-53, is a threat actor linked to suspected Russian threat activity groups. Open-source reporting has enabled Insikt Group to profile the infrastructure used by this group, revealing significant overlaps with other known malic |
| COLDRIVER | 3 | Coldriver, also known as Callisto Group and Star Blizzard, is a threat actor believed to originate from Russia. This entity is recognized for its malicious activities including disinformation campaigns, spear-phishing attacks, and the use of custom malware. The group has been associated with the Rus |
| Callisto | 3 | Callisto, also known as Gossamer Bear, COLDRIVER, UNC4057, Star Blizzard, Blue Charlie, and SEABORGIUM, is a threat actor linked to the Russian state. This group, which has been tracked by various entities including Microsoft, Google's Threat Analysis Group (TAG), and Insikt Group, is known for its |
| Star Blizzard | 3 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
| Cold River | 1 | Cold River, a sophisticated threat actor linked to the Kremlin, has been engaging in malicious cyber activities for several years. The group, also known as Star Blizzard, Callisto, and UNC4057, is attributed to Center 18 of the FSB, one of Russia's security services sponsoring global cyber espionage |
| TA446 | 1 | TA446, also known as the Callisto APT group, Seaborgium, Star Blizzard, ColdRiver, TAG-53, and BlueCharlie, is a threat actor that has been active since at least 2015. This cyberespionage entity has persistently targeted individuals and organizations involved in international affairs, defense, and l |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Blizzard
Government
Russia
Apt
Evasive
Microsoft
State Sponso...
NCSC
Uk
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Bluecharlie | Unspecified | 1 | BlueCharlie, also known as TAG-53, Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446, is a threat actor that has been linked to Russia and has reportedly been active since 2019. The group has been involved in various malicious activities including cybere |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Callisto Group threat actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | a month ago | European Union Sanctions Russian State Hackers |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | 3 months ago | US Cyber Command Expanded 'Hunt Forward' Operations in 2023 |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini |
| Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini |
| Securityaffairs | 5 months ago | Security Affairs newsletter Round 460 by Pierluigi Paganini |