Callisto Group snoopers wreak havoc with leaked HackingTeam spyware

Surveillance firm's toolset goes rogue in hands of cyberspooks

Thu 13 Apr 2017 // 14:30 UTC

Leaked HackingTeam spyware was used by a cyber-spy group to collect intelligence.

The Callisto Group cyber-spies collected intel on foreign and security policy in eastern Europe and the south Caucasus using spyware developed for law enforcement agencies, according to F-Secure Labs. The group – which remains active – has targeted military personnel, government officials, journalists and think tanks since at least 2015.

An investigation [PDF] published by F-Secure on Thursday reports that the Callisto Group's infrastructure has links with entities in Russia, Ukraine and China. F-Secure is not saying who is behind the Callisto Group other than to suggest the sponsor is probably a nation state.

"They act like nation-state attackers, but there's also evidence linking them with infrastructure used by criminals," said F-Secure's security advisor Sean Sullivan. "So they could be an independent group that's been contracted by a government to do this work, or possibly doing it on their own with the intent of selling the information to a government or intelligence agency."

The Callisto Group's tradecraft typically relies on highly targeted phishing attacks and malware. The malware used by the group is a variant of the Scout tool developed by Italian surveillance firm HackingTeam.

The Scout tool was part of a spyware toolset HackingTeam sold to government agencies that was stolen and leaked online two years ago.

F-Secure's chief information security officer Erka Koivunen said the snoopers' use of spyware designed for law enforcement illustrates the dangers of surveillance technologies.

"This should remind governments that we don't have monopolies on these technologies, and that mercenaries, hostile nation states, and other threats won't hesitate to use these surveillance powers against us," Koivunen said.

F-Secure's report provides indicators of compromise and mitigation strategies for any potential targets concerned about the Callisto Group or other threat actors (i.e. cyber-spies) that take to using similar tactics. ®

Topics

Special Features

Vendor Voice

Resources

Security

Callisto Group snoopers wreak havoc with leaked HackingTeam spyware

Surveillance firm's toolset goes rogue in hands of cyberspooks

More about

More about

Broader topics

More about

More about

More about

Broader topics

TIP US OFF

Other stories you might like

Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'

Judge orders NSO to cough up Pegasus super-spyware source code

Avast shells out $17M to shoo away claims it peddled people's personal data

A different view from the edge

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release

FTC secures first databroker settlement banning sale of sensitive location data

Vietnam accused of Predator spyware attack on EU and US politicians

Indian politicians say Apple warned them of state-sponsored attacks

Apple opens annual applications for free hackable iPhones

EU proposes spyware Tech Lab to keep Big Brother governments in check

Apple squashes kernel bug used by TriangleDB spyware

Spyware slinger QuaDream’s reported demise may be the canary in the coal mine

About Us

Our Websites

Your Privacy