The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.
In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials.
In early 2016 the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform.
These spear phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing.
The Callisto Group has been active at least since late 2015 and continues to be so, including continuing to set up new phishing infrastructure every week.