A group of cybercriminals called Callisto was unmasked

F-Secure Labs has published a report on a previously unknown group of cybercriminals that collects information on the foreign policy and security policy of countries in Eastern Europe and the Transcaucasus. The document describes the Callisto group as a highly motivated and well-equipped team that has been carrying out attacks on military personnel, government officials, journalists and think tanks since at least 2015. Callisto is an organized group of cybercriminals that gathers information about foreign policy and security policy in Europe. The attackers use spyware designed for law enforcement purposes.

According to the report, the Callisto group is responsible for several attacks in 2015 and 2016. Although the report does not name specific victims, it states that what they have in common is a connection to foreign policy and security policy in Eastern Europe and the South Caucasus, which suggests that the attackers' motive is intelligence gathering.

The infrastructure used by the group is linked to entities in Russia, Ukraine and China, but this does not clearly identify who is directing the group. Although there is evidence that the group has connections with a certain state, the details of these relationships are unclear.

In addition to discussing the goals and motives of the Callisto group, the report describes in detail the attack methods used to infect targets. The Callisto group uses targeted phishing attacks to steal e-mail login credentials, as well as highly personalized, persuasive phishing emails that install malware on victims' computers. These targeted messages were often sent from accounts that the group had taken over in previous phishing attacks.

The malicious software delivered in the phishing emails steals information and further infects victims' computers. The report emphasizes that it is a variant of the Scout tool developed by the Italian company HackingTeam. The Scout tool was part of the spy kit that HackingTeam sold to government agencies and was stolen and made available online in 2015.

The report emphasizes that the group remains active and that it is difficult to predict how it will react to the disclosure of its activities. The document also discusses the "symptoms" of infection and mitigation strategies for potential victims of the Callisto group or of other attackers using similar methods. F-Secure products offer behavioral technologies and detection methods (including detection with generic signatures) that protect users from the actions of the Callisto group.
