Calisto is a reputed threat actor close to Russia and also known as COLDRIVER. Although he has not been publicly attributed to any Russian intelligence service, Calisto’s past operations have shown objectives and victimology closely aligned with Russian strategic interests.

It mainly targets Western countries, especially the United States, and Eastern European countries. Specifically, he has been observed running phishing campaigns. These phishing campaigns targeted military and strategic research sectors such as NATO entities and a defense contractor based in Ukraine, as well as NGOs and think tanks.

Among its victims are also former intelligence officials, experts in Russian affairs and Russian citizens abroad.

To learn more about this threat actor, you can read these two articles:

Other glossary content is also available on our website: