{"id":10599,"date":"2019-11-06T09:00:00","date_gmt":"2019-11-06T09:00:00","guid":{"rendered":"https:\/\/www.withsecure.com\/resources-hub\/w-labs\/callisto-group\/"},"modified":"2019-11-06T09:00:00","modified_gmt":"2019-11-06T09:00:00","slug":"callisto-group","status":"publish","type":"lab_item","link":"https:\/\/www.withsecure.com\/jp-ja\/resources-hub\/w-labs\/callisto-group\/","title":{"rendered":"Callisto Group"},"content":{"rendered":"\n
\n
\n

\n Callisto Group<\/span><\/h1>
\n
\n \n \n Email Security <\/span>\n \n Threat intelligence <\/span>\n <\/span>\n \n 06 11\u6708, 2019 <\/span>\n <\/div>\n <\/div>\n <\/div>\n
\n
\n

\n \u30b7\u30a7\u30a2\u3059\u308b <\/p>\n

\n \n \n
\n
\n
\n \"\" <\/figure>\n <\/div>\n <\/div>\n<\/section>\n\n\n\n
\n
\n
\n

\n Download report <\/p>\n \n

\n
\n \n Download report
\n
\n

\n Share this story <\/p>\n

\n \n \n
\n
\n

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus.<\/p>\n

Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.<\/p>\n

In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target\u2019s webmail credentials.<\/p>\n

In early 2016 the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the \u201cScout\u201d malware tool from the HackingTeam RCS Galileo platform.<\/p>\n

These spear phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing.<\/p>\n

The Callisto Group has been active at least since late 2015 and continues to be so, including continuing to set up new phishing infrastructure every week.<\/p>\n<\/div>\n\n

\n
\n

\n Share this story <\/p>\n

\n \n \n
\n
\n
\n
\n

\n What next?<\/span><\/h2>
\n
\n

Discover WithSecure\u2122 Elements Exposure Management.
\n– No credit card required. No obligations.No complexity.<\/p>\n<\/div>\n <\/div>\n <\/div>\n

\n Contact us<\/a> <\/div>\n <\/div> <\/div>\n <\/div>\n<\/section>\n\n\n\n\n\n
\n
\n

\n Related Labs content<\/span><\/h2>
\n
\n
\n

Find related content relating to this topic.<\/span><\/p>\n<\/div>\n <\/div>\n <\/div>\n <\/div> \n

\n
\n
\n
\n \"\"

W\/\u30e9\u30dc<\/p>\n <\/div>\n

\n
\n
\n Attack Detection<\/span>\n Software Protection<\/span>\n Threat intelligence<\/span>\n <\/div>\n <\/div>\n

DarkGate Rises: New version of DarkGate malware hunts like a Duck but bites like a RAT<\/h3>\n

Source: https:\/\/labs.withsecure.com\/publications\/darkgate-rises<\/p>\n

\n \u3082\u3063\u3068\u8aad\u3080<\/a> <\/div>\n <\/div>\n<\/div> <\/div>\n
\n
\n
\n \"\"

W\/\u30e9\u30dc<\/p>\n <\/div>\n

\n
\n
\n Attack Detection<\/span>\n Software Protection<\/span>\n Threat intelligence<\/span>\n <\/div>\n <\/div>\n

Reverse engineering a Lumma infection<\/h3>\n

Lumma is an information stealer that the WithSecure Detection and Response Team (DRT) have encountered several times. It has seen wider use over the past couple of years, and makes for an interesting threat to monitor.<\/p>\n

\n \u3082\u3063\u3068\u8aad\u3080<\/a> <\/div>\n <\/div>\n<\/div> <\/div>\n
\n
\n
\n \"\"

W\/\u30e9\u30dc<\/p>\n <\/div>\n

\n
\n
\n AI security<\/span>\n Attack Detection<\/span>\n Software Protection<\/span>\n <\/div>\n <\/div>\n

Machine learning-driven malware analysis<\/h3>\n

With the rapid emergence of new malware variants, accurately classifying and attributing malware samples has become more challenging than ever<\/p>\n

\n \u3082\u3063\u3068\u8aad\u3080<\/a> <\/div>\n <\/div>\n<\/div> <\/div>\n <\/div>\n
\n
\n <\/div>\n
\n
\n

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus.<\/p>\n","protected":false},"author":3,"featured_media":0,"template":"","categories":[357,316],"labs_content_type":[377],"class_list":["post-10599","lab_item","type-lab_item","status-publish","hentry","category-email-security","category-threat-intelligence"],"acf":[],"card":"

\n
\n \"\"

W\/\u30e9\u30dc<\/p>\n <\/div>\n

\n
\n
\n Email Security<\/span>\n Threat intelligence<\/span>\n <\/div>\n <\/div>\n

Callisto Group<\/h3>\n

The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus.<\/p>\n

\n \u3082\u3063\u3068\u8aad\u3080<\/a> <\/div>\n <\/div>\n<\/div>","_links":{"self":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/lab_item\/10599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/lab_item"}],"about":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/types\/lab_item"}],"author":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/users\/3"}],"wp:attachment":[{"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/media?parent=10599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/categories?post=10599"},{"taxonomy":"labs_content_type","embeddable":true,"href":"https:\/\/www.withsecure.com\/jp-ja\/wp-json\/wp\/v2\/labs_content_type?post=10599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}