Calisto, also known as COLDRIVER, is a threat actor reputed to be close to Russia. Although it has not been publicly attributed to any Russian intelligence service, Calisto's past operations have shown objectives and victimology closely aligned with Russian strategic interests.
It mainly targets Western countries, especially the United States, and Eastern European countries. Specifically, it has been observed running phishing campaigns against military and strategic research sectors, such as NATO entities and a defense contractor based in Ukraine, as well as NGOs and think tanks.
Its victims also include former intelligence officials, experts in Russian affairs and Russian citizens abroad.
To learn more about this threat actor, you can read these two articles:
- https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign/
- https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/