Calypso

Threat Actor updated 3 months ago (2024-06-11T09:17:34.885Z)
Calypso is a threat actor group potentially linked to the Chinese state-sponsored threat actor group APT41, alongside other groups such as Hafnium, LuckyMouse, Tick, and Winnti Group. The group has been involved in various cyber espionage campaigns, using tools such as Win32/Korplug.RU, Win32/Korplug.RT, and Win32/Agent.ACUS as loaders for its malware. Calypso also uses Command & Control (C&C) servers, including rawfuns[.]com and yolkish[.]com, to manage its operations. In 2019, Positive Technology Security reported on Calypso's use of the Remote Access Trojan (RAT) dubbed "Calypso RAT". Calypso is also known to use an exclusive version of Win.NOODLERAT, a shellcode-formed, in-memory modular backdoor. Originally reported by NCC Group and Positive Technology Security, Win.NOODLERAT has been used in espionage campaigns by several threat actors, including Iron Tiger, Calypso APT, and other unknown clusters.

This threat actor should not be confused with Calypso AI, a separate entity that is a leader in security in AI. Founded by Neil Serebryany, Calypso AI focuses on scoring vulnerabilities at the point of model prompts and their responses, either logging or blocking them. The Berryville Institute of Machine Learning (BIML) recently attended Calypso AI's Accelerate AI 2023 conference in Washington, DC, indicating its industry recognition and influence.
Description last updated: 2024-06-11T09:16:52.378Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Winnti Group | 3 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
| Calypso Apt | 2 | Calypso Advanced Persistent Threat (APT) is a significant cyber threat actor identified as using the Calypso Remote Access Trojan (RAT), according to a 2019 report by Positive Technology Security. This group, which could be an individual, private company, or part of a government entity, has been not |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| LuckyMouse | Unspecified | 2 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
Source Document References
Information about the Calypso Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| InfoSecurity-magazine | 3 months ago | Chinese Hackers Leveraging 'Noodle RAT' Backdoor |
| Trend Micro | 3 months ago | Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups |
| CERT-EU | 10 months ago | IriusRisk Hosts Fireside Chat with Artificial Intelligence & Machine Learning Industry Leaders |
| SecurityIntelligence.com | 10 months ago | X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 |
| DARKReading | 8 months ago | Startups Scramble to Build Immediate AI Security |
| DARKReading | a year ago | Tech Insight: Dangers of Using Large Language Models Before They Are Baked |
| MITRE | 2 years ago | Exchange servers under siege from at least 10 APT groups \| WeLiveSecurity |
| CERT-EU | 10 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of Afghan telecommunication firm Roshan |
| CERT-EU | a year ago | Matthieu Faou \| WeLiveSecurity |
| CERT-EU | 6 months ago | Europe is trying to regulate AI. That could backfire. |