Calypso Apt

Threat Actor updated 23 days ago (2024-11-29T14:19:48.139Z)
Download STIX
Preview STIX
Calypso Advanced Persistent Threat (APT) is a significant cyber threat actor identified as using the Calypso Remote Access Trojan (RAT), according to a 2019 report by Positive Technology Security. This group, which could be an individual, private company, or part of a government entity, has been noted for its malicious intent and execution of sophisticated cyber attacks. The cybersecurity industry identifies this type of threat actor with unique naming conventions, and in this case, the Calypso APT has become associated with the use of a specific RAT. The Calypso APT uses a unique version of Win.NOODLERAT, a shellcode-formed in-memory modular backdoor. This tool was originally reported by NCC Group and Positive Technology Security. Other threat actors such as Iron Tiger and several unknown clusters have also used Win.NOODLERAT in their espionage campaigns. However, the specific variant used by Calypso APT appears to be exclusive to them, suggesting a high level of technical sophistication and bespoke development within the group. In conclusion, the Calypso APT represents a significant cybersecurity threat due to its use of advanced tools like the Calypso RAT and the unique version of Win.NOODLERAT. This group's activities were highlighted in the 2019 report by Positive Technology Security, and it has been closely monitored by cybersecurity firms since then. Its ability to customize and adapt existing tools for its own use underscores the need for continuous vigilance and adaptive defenses in the cybersecurity landscape.
Description last updated: 2024-06-13T09:45:51.130Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Calypso is a possible alias for Calypso Apt. Calypso is a recognized threat actor, likely linked to the Chinese state-sponsored group APT41. Other groups possibly connected to this network include Hafnium, LuckyMouse, Tick, Calypso, and Winnti Group (tracked by X-Force as Hive0088). Calypso has been associated with various malicious activities
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Calypso Apt Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Trend Micro
6 months ago
InfoSecurity-magazine
6 months ago