Calisto Group Organization – Ransomware & Cybercrime Gang – 2023

(Last Updated On: December 10, 2023)

Calisto Group Organization

Ransomware & Cybercrime Gang

Organized Crime – A SCARS Insight

The Calisto Group Is A Russian State-sponsored Cyberespionage Group Believed To Be Operating Under The Direction Of The Federal Security Service (FSB)

The Calisto Group is  also known as Seaborgium, Star Blizzard, ColdRiver, and TA446,

Calisto Group Activities:

  • Targeted attacks: The Calisto Group primarily targets military personnel, government officials, think tanks, journalists, and defense-industrial entities in Eastern Europe, the South Caucasus, the Ukraine, and the UK.
  • Espionage: The primary goal of the Calisto Group is to steal sensitive information and data for the Russian government.
  • Spear-phishing: They commonly use spear-phishing emails as their attack vector, tricking victims into clicking malicious links or opening infected attachments.
  • Custom tools: The Calisto Group is known to develop and use sophisticated custom tools for their operations.
  • Global reach: Their activities are not limited to specific regions, as they have been observed targeting entities worldwide, including the US and Europe.

Calisto Group’s Tactics and Techniques

The Calisto Group utilizes various tactics and techniques to achieve their goals of cyberespionage and information theft. Here are some of their known methods:

Spear Phishing Emails:

  • This is the group’s primary attack vector, involving emails tailored to specific victims with personalized content and attachments designed to entice clicks or downloads.
  • These emails often impersonate legitimate individuals or organizations, making them appear trustworthy.
  • They may contain links to malicious websites or infected attachments that install malware on the victim’s device.

Social Engineering:

  • This involves psychological manipulation techniques to deceive victims into divulging sensitive information or taking actions that benefit the attackers.
  • They may use emotional appeals, threats, or fabricated stories to gain trust and exploit vulnerabilities.
  • This can include tactics like offering enticing jobs, claiming to have compromising information, or posing as technical support representatives.

Custom Tools:

  • The Calisto Group is known for developing and deploying sophisticated custom tools for their operations, including:
    • Exploit kits: Code designed to exploit vulnerabilities in software and gain access to systems.
    • Malware: Malicious software used to steal data, monitor activity, or control infected devices.
    • Command and control (C2) servers: Used to communicate with compromised systems and issue commands.
    • Data exfiltration tools: Techniques used to steal and transfer sensitive information from victim systems.

Advanced Techniques:

  • The group employs various advanced techniques to remain undetected and evade security measures, such as:
    • Zero-day exploits: Exploiting vulnerabilities in software before vendors release patches.
    • Sandboxing evasion: Techniques to bypass security software that monitors suspicious activity.
    • Lateral movement: Moving within a network after gaining initial access to one system.
    • Data encryption: Encrypting stolen information to make it difficult to analyze.

Targeting:

  • The Calisto Group strategically chooses its targets, focusing on individuals and organizations with access to sensitive information valuable to the Russian government.
  • Their targets typically include:
    • Government officials and military personnel: To gather intelligence on military plans, diplomatic relations, and national security strategies.
    • Think tanks and research institutions: To access information on critical technologies, economic analysis, and political developments.
    • Journalists and media outlets: To monitor public opinion and control narratives.
    • Defense-industrial entities: To steal information on weapons development, military capabilities, and strategic partnerships.

Calisto Group Impact:

  • Information theft: The Calisto Group has successfully stolen sensitive information from various organizations, potentially impacting national security and diplomatic relations.
  • Disruption and instability: Their attacks can disrupt operations, cause financial losses, and erode trust in institutions.
  • Escalating tensions: Their activities contribute to the ongoing geopolitical tensions between Russia and the West.

Calisto Group Responses and Investigations:

  • Governments and security agencies: Several governments and security agencies, including the UK National Cyber Security Centre (NCSC), Microsoft Threat Intelligence Center, and Google’s Threat Analysis Group, have attributed attacks to the Calisto Group and issued warnings about their activities.
  • Sanctions: The UK and the US have imposed sanctions on individuals associated with the Calisto Group.
  • Ongoing investigations: Investigations are ongoing to understand the Calisto Group’s capabilities further and track their activities.

Protecting Against the Calisto Group:

  • Awareness: Organizations and individuals should be aware of the Calisto Group’s tactics and techniques to avoid falling victim to their attacks.
  • Cybersecurity measures: Implementing strong cybersecurity measures, such as using multi-factor authentication and keeping software updated, can help mitigate the risk of successful attacks.
  • Reporting: Reporting suspicious activity to authorities and security researchers can help identify and track the Calisto Group’s activities.

Summary

The Calisto Group is a sophisticated and active Russian state-sponsored cyberespionage group posing a significant threat to national security and international stability. By remaining vigilant, implementing strong cybersecurity measures, and collaborating with authorities, we can work together to protect ourselves from their malicious activities.

By understanding the Calisto Group’s tactics and techniques, organizations and individuals can improve their defenses and better prepare for potential attacks. Implementing strong cybersecurity measures, being skeptical of unsolicited communications, and staying informed about emerging threats can significantly reduce the risk of falling victim to this sophisticated cybercrime & cyberespionage group.

Calisto Group - Leadership - Russian Ransomware Gang Reward

Two Russian Nationals Working with Russia’s Federal Security Service Charged in the United States with Global Computer Intrusion Campaign

Indictment Alleges the So-Called “Callisto Group” Hacked Computers in the United States and Allied Countries, and Stole Information Used in Foreign Malign Influence Operations Designed to Influence the U.K.’s 2019 Elections

A federal grand jury in San Francisco returned an indictment on Tuesday charging two individuals with a campaign to hack into computer networks in the United States, the United Kingdom, other North Atlantic Treaty Organization member countries, and Ukraine, all on behalf of the Russian government.

According to court documents, Ruslan Aleksandrovich Peretyatko (Перетятько Руслан Александрович), an officer in Russia’s Federal Security Service (FSB) Center 18, Andrey Stanislavovich Korinets (Коринец Андрей Станиславович) and other unindicted conspirators employed a sophisticated spear phishing campaign to gain unauthorized, persistent access (i.e., “hack”) into victims’ computers and email accounts.

Left Open Quote - on RomanceScamsNOW.com“The Russian government continues to target the critical networks of the United States and our partners, as highlighted by the indictment unsealed today,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways. The Department of Justice will respond to such behavior with an even more determined commitment to disrupt those activities and to hold accountable the individuals responsible.”

“Today’s indictment is part of a coordinated international response to send a message to the conspirators that the whole of the United States government stands together and with our partners internationally to identify and disrupt cyber espionage actors, particularly those seeking to obtain government information and attempting to create chaos in democratic processes,” said U.S. Attorney Ismail J. Ramsey for the Northern District of California. “We are grateful to all of our partners for their assistance in addressing these threats posed by the FSB’s action in the Northern District of California, across the United States, and around the world.”

“The FBI will not stand idly by as Russia continues to perpetuate this type of targeted malicious activity,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Russian interference through malign foreign influence campaigns is deplorable, and we will not tolerate it in the United States or directed against our foreign partners. The FBI is dedicated to combating this pervasive threat and will tirelessly seek to prevent and disrupt these criminal acts carried out by Russia.”

The indictment, which was unsealed today, alleges the conspiracy targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities between at least October 2016 and October 2022. In addition, the indictment alleges the conspirators – known publicly by the name “Callisto Group” – targeted military and government officials, think tank researchers and staff, and journalists in the United Kingdom and elsewhere, and that information from certain of these targeted accounts was leaked to the press in Russia and the United Kingdom in advance of U.K. elections in 2019.

As a common example, the conspirators used “spoofed” email accounts designed to look like personal and work-related email accounts of the group’s targets. The conspirators allegedly also sent sophisticated-looking emails that appeared to be from email providers suggesting users had violated terms of service. These messages were designed to trick victims into providing their email account credentials to false login prompts. Once the conspirators fraudulently obtained the victim’s credentials, they were able to use those credentials to access the victims’ email accounts at will.

In addition to the indictment, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that it has sanctioned both Peretyatko and Korinets for their roles in malicious cyber-enabled activity. Moreover, the United Kingdom has issued sanctions of its own, and the U.S. Department of State announced rewards of up to $10 million for information leading to the identification or location of Peretyatko and Korinets, as well as their conspirators.

In addition to the name “Callisto Group,” FSB Center 18 is known by cybersecurity investigators as “Dancing Salome” by Kaspersky Labs, “STAR BLIZZARD” by Microsoft Threat Intelligence Center and “COLDRIVER” by Google’s Threat Analysis Group.

The defendants are each charged with one count of conspiracy to commit an offense against the United States, namely, computer fraud, which carries a maximum sentence of five years in prison for PERETYATKO, and up to 10 years for KORINETS. The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

The investigation was conducted jointly by the U.S. Attorney’s Office for the Northern District of California, the National Security Cyber Section of the Justice Department’s National Security Division and the FBI San Francisco Field Office. The FBI’s Cyber Division, Cyber Assistant Legal Attachés, and Legal Attachés in countries around the world provided essential support. Numerous victims cooperated and provided valuable assistance in the investigation.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

SCARS Resources:

Other Cyber Resources

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

SCARS FREE Support & Recovery Program - 4 EVER FREE

Do You Need Support?
Get It Now!

SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!

Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!

SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!

To apply to join our groups visit support.AgainstScams.org

We also offer separate support groups for family & friends too.

SCARS STAR Membership

Become a
SCARS STAR™ Member

SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!

SCARS STAR Membership benefits include:

  • FREE Counseling or Therapy Benefit from our partner BetterHelp.com
  • Exclusive members-only content & publications
  • Discounts on SCARS Self-Help Books Save
  • And more!

To learn more about the SCARS STAR Membership visit membership.AgainstScams.org

To become a SCARS STAR Member right now visit join.AgainstScams.org

PLEASE SHARE SO OTHERS WILL KNOW

SCARS Publishing Self-Help Recovery Books Available At shop.AgainstScams.org

Scam Victim Self-Help Do-It-Yourself Recovery Books

SCARS Printed Books For Every Scam Survivor From SCARS Publishing

Visit shop.AgainstScams.org

Each is based on our SCARS Team’s 32-plus years of experience.

SCARS Website Visitors receive an Extra 10% Discount
Use Discount Code “romanacescamsnow” at Checkout

Always Report All Scams – Anywhere In The World To:

Go to reporting.AgainstScams.org to learn how

U.S. FTC at https://reportfraud.ftc.gov/#/?orgcode=SCARS and SCARS at www.Anyscams.com
Visit reporting.AgainstScams.org to learn more!

FIND SCAMMER PHOTOS ON
ScammerPhotos.com

FIND SCARS ON FACEBOOK
CLICK HERE

Legal Disclaimer:

The content provided on this platform regarding psychological topics is intended solely for educational and entertainment purposes. The publisher makes no representations or warranties regarding the accuracy or completeness of the information presented. The content is designed to raise awareness about various psychological subjects, and readers are strongly encouraged to conduct their own research and verify information independently.

The information presented does not constitute professional advice, diagnosis, or treatment of any psychological disorder or disease. It is not a substitute for professional medical or mental health advice, diagnosis, or treatment. Readers are advised to seek the guidance of a licensed medical professional for any questions or concerns related to their mental health.

The publisher disclaims any responsibility for actions taken or not taken based on the content provided. The treatment of psychological issues is a serious matter, and readers should consult with qualified professionals to address their specific circumstances. The content on this platform is not intended to create, and receipt of it does not constitute, a therapist-client relationship.

Interpretation and Definitions

Definitions

For the purposes of this Disclaimer:

  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Disclaimer) refers to Society of Citizens Against Relationship Scams Inc. (registered d.b.a. “SCARS”,) 9561 Fountainbleau Blvd., Suit 602, Miami FL 33172.
  • Service refers to the Website.
  • You means the individual accessing this website, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Website refers to RomanceScamsNOW.com, accessible from https://romancescamsnow.com

Website Disclaimer

The information contained on this website is for general information purposes only.

The Company assumes no responsibility for errors or omissions in the contents of the Service.

In no event shall the Company be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents on the Service at any time without prior notice.

The Company does not warrant this website in any way.

External Links Disclaimer

This website may contain links to external websites that are not provided or maintained by or in any way affiliated with the Company.

Please note that the Company does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.

Errors and Omissions Disclaimer

The information given by SCARS is for general guidance on matters of interest only. Even if the Company takes every precaution to ensure that the content of this website is both current and accurate, errors can occur. Plus, given the changing nature of laws, rules, and regulations, there may be delays, omissions, or inaccuracies in the information contained on this website.

SCARS is not responsible for any errors or omissions, or for the results obtained from the use of this information.

Fair Use Disclaimer

SCARS may use copyrighted material that has not always been specifically authorized by the copyright owner. The Company is making such material available for criticism, comment, news reporting, teaching, scholarship, or research.

The Company believes this constitutes a “fair use” of any such copyrighted material as provided for in section 107 of the United States Copyright law.

If You wish to use copyrighted material from this website for your own purposes that go beyond fair use, You must obtain permission from the copyright owner.

Views Expressed Disclaimer

The Service may contain views and opinions which are those of the authors and do not necessarily reflect the official policy or position of any other author, agency, organization, employer, or company, including SCARS.

Comments published by users are their sole responsibility and the users will take full responsibility, liability, and blame for any libel or litigation that results from something written in or as a direct result of something written in a comment. The Company is not liable for any comment published by users and reserves the right to delete any comment for any reason whatsoever.

No Responsibility Disclaimer

The information on the Service is provided with the understanding that the Company is not herein engaged in rendering legal, accounting, tax, medical or mental health, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal, medical or mental health, or other competent advisers.

In no event shall the Company, its team, board of directors, volunteers, or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever arising out of or in connection with your access or use or inability to access or use the Service.

“Use at Your Own Risk” Disclaimer

All information on this website is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

SCARS will not be liable to You or anyone else for any decision made or action taken in reliance on the information given by the Service or for any consequential, special, or similar damages, even if advised of the possibility of such damages.

Contact Us

If you have any questions about this Disclaimer, You can contact Us:

  • By email: contact@AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use. 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

View the claimed and or registered indicia, service marks, and trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org

Share This Information - Choose Your Social Media!

Please Leave A Comment - Tell Us What You Think About This!