French NGO Reporters Without Borders Targeted by Calisto

French NGO Reporters Without Borders Targeted by Calisto in Recent Campaign Source: blog.sekoia.io/ngo-repor… In May and June 2025, two organisations — including the French NGO Reporters Without Borders (RSF) — reported suspected spear-phishing attempts linked to the intrusion set Calisto (also known as ColdRiver or Star Blizzard). Calisto is a Russia-nexus espionage group active since at least 2017 and attributed by the United States, the United Kingdom, New Zealand and Australia to the FSB, specifically Center 18 (TsIB), Military Unit 64829. Sekoia.io supports this attribution, noting that Calisto’s historic activity aligns closely with Russian strategic interests. The group focuses on cyber-espionage against Western countries, with particular emphasis on Eastern Europe and nations supporting Ukraine. Operations involve credential theft and code execution, including recent use of the ClickFix technique. Targets have included NATO entities, a Ukraine-based defence contractor, NGOs, think tanks, former intelligence officials, Russian-affairs experts and Russian citizens living abroad. Calisto’s spear-phishing playbook typically involves impersonating trusted contacts and sending emails with either a missing attachment or a benign but non-functional PDF. This tactic is intended to elicit a reply from the victim requesting a resend, thereby increasing the perceived legitimacy of the exchange.