Threat Group Cards: A Threat Actor Encyclopedia

APT group: Calypso

Names: Calypso (Positive Technologies)
Country: China
Motivation: Information theft and espionage
First seen: 2016
Description: (Positive Technologies) The PT Expert Security Center first took note of Calypso in March 2019 during threat hunting. Our specialists collected multiple samples of malware used by the group. They have also identified the organizations hit by the attackers, as well as the attackers’ C2 servers.

Our data indicates that the group has been active since at least September 2016. The primary goal of the group is theft of confidential data. Main targets are governmental institutions in Brazil, India, Kazakhstan, Russia, Thailand, and Turkey.

Our data gives reason to believe that the APT group is of Asian origin.
Observed:
Sectors: Government.
Countries: Belarus, Brazil, India, Kazakhstan, Mongolia, Russia, Thailand, Turkey, Ukraine.
Tools used: Byeby, Calypso RAT, DCSync, DoublePulsar, EarthWorm, EternalBlue, EternalRomance, FlyingDutchman, Hussar, Mimikatz, nbtscan, netcat, OS_Check_445, PlugX, Quarks PwDump, SysInternals, TCP Port Scanner, ZXPortMap, Living off the Land.

Last change to this card: 18 May 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
