Russian Hackers Target NATO Research Sectors Using Advanced ClickFix Social Engineering Tactics

Update: 2025-12-05

Description

The Threat

Russian state-sponsored hackers from the Calisto group, also known as ColdRiver or Star Blizzard, have launched sophisticated cyber-espionage campaigns targeting NATO research sectors and international organizations. This podcast explores their latest attack methods and the serious implications for global security.

Who's Behind the Attacks

Western intelligence agencies attribute Calisto directly to Center 18 for Information Security of Russia's Federal Security Service (FSB). Active since 2017, this group specializes in credential theft and intelligence gathering from entities supporting Ukraine, with operations that align closely with Russian strategic priorities.

The ClickFix Technique Explained

Discover how attackers use a clever two-step social engineering method called ClickFix. Victims receive emails from seemingly trusted contacts mentioning attachments that aren't actually included. When targets naturally reply asking for the missing file, hackers deliver malicious follow-up emails containing fake PDFs that lead to sophisticated phishing traps.

Advanced Attack Methods

Learn about Adversary-in-the-Middle attacks that can bypass even two-factor authentication. These techniques allow hackers to intercept credentials in real time while maintaining the illusion of legitimate login processes, making detection extremely difficult for victims.

High-Value Targets

The campaign specifically targets NATO-related research sectors, defense contractors, and prominent NGOs like Reporters Without Borders. This isn't random cybercrime but strategic intelligence gathering that directly supports Russian military objectives.

Expert Analysis

Security researchers from Sekoia.io provide detailed technical analysis of the attack infrastructure, revealing how phishing kits use JavaScript injections and compromised websites to harvest credentials seamlessly.

Protection Strategies

Essential security recommendations for organizations at risk, including communication verification protocols, disabling automatic downloads, and implementing enhanced monitoring for ProtonMail-based attacks.

The Bigger Picture

This podcast examines what these evolving threats mean for the future of cybersecurity and whether traditional prevention methods are sufficient against state-sponsored actors who continuously refine their tactics.

Discussion Format

Join cybersecurity expert Chloe and host Ben as they break down complex technical concepts into accessible explanations, exploring both the immediate threats and long-term implications for organizational security.


Mohammed Sarker