ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Callisto Group

Names: Callisto Group (F-Secure)
Country: [Unknown]
Motivation: Information theft and espionage
First seen: 2013
Description: (F-Secure) The most obvious common theme between all known targets of the Callisto Group is an involvement in European foreign and security policy, whether as a military or government official, being employed by a think tank, or working as a journalist. More specifically, many of the known targets have a clear relation to foreign and security policy involving both Eastern Europe and the South Caucasus.

This targeting suggests the Callisto Group is interested in intelligence gathering related to foreign and security policy. Furthermore, we are unaware of any targeting in the described attacks that would suggest a financial motive.

It is worth noting that during our investigation we uncovered links between infrastructure associated with the Callisto Group and infrastructure used to host online stores selling controlled substances. While we don’t yet know enough to fully understand the nature of these links, they do suggest the existence of connections between the Callisto Group and criminal actors.

While the targeting would suggest that the main benefactor of the Callisto Group’s activity is a nation state with specific interest in the Eastern Europe and South Caucasus regions, the link to infrastructure used for the sale of controlled substances hints at the involvement of a criminal element. Finally, the infrastructure associated with the Callisto Group and related infrastructure contain links to at least Russia, Ukraine, and China in both the content hosted on the infrastructure, and in WHOIS information associated with the infrastructure.

It is possible to come up with a number of plausible theories to explain the above findings. For example, a cybercrime group with ties to a nation state, such as acting on behalf of or for the benefit of a government agency, is one potential explanation. However, we do not believe it is possible to make any definitive assertions regarding the nature or affiliation of the Callisto Group based on the currently available information.

Observed:
Sectors: Defense, Government, Think Tanks and journalists.
Countries: Europe and the South Caucasus.
Tools used: RCS Galileo.
Information: <https://www.f-secure.com/documents/996508/1030745/callisto-group>

Last change to this card: 14 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency