Calypso

Threat Actor Profile Updated 2 months ago
Calypso is a notable threat actor group, potentially linked to the Chinese state-sponsored threat actor group APT41, alongside other groups such as Hafnium, LuckyMouse, Tick, and Winnti Group. The group has been involved in various cyber espionage campaigns, using sophisticated tools like Win32/Korplug.RU, Win32/Korplug.RT, and Win32/Agent.ACUS as loaders for its malware. Calypso also uses Command & Control (C&C) servers, including rawfuns[.]com and yolkish[.]com, to manage its malicious operations. In 2019, Positive Technology Security reported on Calypso's use of the Remote Access Trojan (RAT) dubbed "Calypso RAT". Calypso is also known to use an exclusive version of Win.NOODLERAT, a shellcode-formed, in-memory modular backdoor. Originally reported by NCC Group and Positive Technology Security, Win.NOODLERAT has been used in espionage campaigns by several threat actors, including Iron Tiger, Calypso APT, and other unknown clusters.

This threat actor should not be confused with Calypso AI, a separate entity that is a leader in security in AI. Founded by Neil Serebryany, Calypso AI focuses on scoring vulnerabilities at the point of model prompts and their responses, either logging or blocking them. The Berryville Institute of Machine Learning (BIML) recently attended Calypso AI's Accelerate AI 2023 conference in Washington, DC, indicating its industry recognition and influence.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Winnti Group | 3 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
| Calypso Apt | 2 | Calypso Advanced Persistent Threat (APT) is a significant cyber threat actor identified as using the Calypso Remote Access Trojan (RAT), according to a 2019 report by Positive Technology Security. This group, which could be an individual, private company, or part of a government entity, has been not |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Apt
Backdoor
Eset
Loader
Exploit
Zero Day
State Sponso...
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| win.noodlerat | Unspecified | 1 | Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates s |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| LuckyMouse | Unspecified | 2 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
| Winnti | Unspecified | 1 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
| Tick | Unspecified | 1 | Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami |
| APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Hive0088 | Unspecified | 1 | None |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Calypso Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | a month ago | Chinese Hackers Leveraging 'Noodle RAT' Backdoor |
| Trend Micro | 2 months ago | Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups |
| CERT-EU | 8 months ago | IriusRisk Hosts Fireside Chat with Artificial Intelligence & Machine Learning Industry Leaders |
| SecurityIntelligence.com | 8 months ago | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 |
| DARKReading | 7 months ago | Startups Scramble to Build Immediate AI Security |
| DARKReading | a year ago | Tech Insight: Dangers of Using Large Language Models Before They Are Baked |
| MITRE | a year ago | Exchange servers under siege from at least 10 APT groups \| WeLiveSecurity |
| CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Afghan telecommunication firm Roshan |
| CERT-EU | a year ago | Matthieu Faou \| WeLiveSecurity |
| CERT-EU | 4 months ago | Europe is trying to regulate AI. That could backfire. |