Security researchers with Positive Technologies have been tracking the activities of a previously unknown advanced persistent threat (APT) group called Calypso since March of this year. Calypso, which is believed to have been operating since at least 2016, uses a custom remote access Trojan (RAT) in order to target government organizations around the world.
Calypso has so far targeted governments in India (34% of attacks), Brazil (18%), Kazakhstan (18%), Russia (12%), Thailand (12%) and Turkey (6%). The researchers believe Calypso probably operates out of China, because some of the attacks seemed to expose the threat actor’s IP address, which belongs to China Telecom.
Read more: Calypso APT Emerges from the Shadows to Target Governments