Not Simon 🐐

Country: Russian Federation Organization: Federal Security Service (FSB) Center 18 Motivation: Espionage (Page last updated October 02, 2024)

Aliases

• SEABORGIUM (formerly used by Microsoft)
• Star Blizzard (Microsoft)
• TA446 (Proofpoint)
• COLDRIVER (Google Threat Analysis Group)
• TAG-53 (formerly used by Recorded Future)
• BlueCharlie (Recorded Future)
• Iron Frontier (Secureworks)
• Blue Callisto (PwC)
• Calisto (Sekoia)
• The Callisto Group (F-Secure, now called WithSecure)
• UNC4057 (Mandiant)
• Gossamer Bear (CrowdStrike)

Identified Members

• Ruslan Aleksandrovich Peretyatko
  • Rewards for Justice
  • FBI Most Wanted
• Andrey Stanislavovich Korinets
  • Rewards for Justice
  • FBI Most Wanted

References (Sorted by Chronological Order)

2024

• October 01, 2024 – Zimperium: Zimperium Coverage on COLDRIVER Phishing Campaign
• September 07, 2024 – Free Russia Foundation: Free Russia Foundation Response to Data Breach
• April 25, 2024 – Mandiant: Poll Vaulting: Cyber Threats to Global Elections

2023

• December 13, 2023 – Sekoia: CALISTO doxxing: Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets
• December 8, 2023:
  • NCSC-NZ: Joint Advisory: Russian state cyber actors’ global spear-phishing campaigns
  • ACSC ASD: Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
• December 7, 2023: (ATTRIBUTION)
  • NCSC-UK: Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
  • United Kingdom: UK exposes attempted Russian cyber interference in politics and democratic processes
  • CISA: Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
  • FBI: Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns. (PDF)
  • U.S. Cyber Command: US, Allies Highlight Russian-State Cyber Actor “Star Blizzard” Spear-phishing Campaigns
  • U.S. Department of Justice: Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign
  • U.S. Treasury: United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group
  • U.S. State Department: U.S. Takes Action to Further Disrupt Russian Cyber Activities
  • Microsoft: Star Blizzard increases sophistication and evasion in ongoing attacks
• August 02, 2023 – Recorded Future: BlueCharlie, Previously Tracked as TAG-53, Continues to Deploy New Infrastructure in 2023
• February 15, 2023 – Mandiant/Google TAG: Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (PDF)
• January 26, 2023 – NCSC-UK: SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest
• January 06, 2023 – Reuters: Exclusive: Russian hackers targeted U.S. nuclear scientists (News article)

2022

• December 05, 2022:
  • Sekoia: Calisto show interests into entities involved in Ukraine war support
  • Recorded Future: Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
• December 02, 2022 – PwC: Blue Callisto orbits around US Laboratories in 2022
• August 15, 2022 – Microsoft: Disrupting SEABORGIUM’s ongoing phishing operations
• June 22, 2022 – Sekoia: CALISTO continues its credential harvesting campaign
• May 03, 2022 – Google Threat Analysis Group: Update on cyber activity in Eastern Europe
• March 30, 2022 – Google Threat Analysis Group: Tracking cyber activity in Eastern Europe

2017

• April 13, 2017 – F-Secure: The Callisto Group (PDF)