From de76aef02388febd12bf0dd97ed3cf1440341272 Mon Sep 17 00:00:00 2001
From: Rony <rony_123@protonmail.ch>
Date: Tue, 16 Aug 2022 10:49:13 +0530
Subject: [PATCH] Update threat-actor.json

---
 clusters/threat-actor.json | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2b6a3fb..c3687d7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4455,12 +4455,19 @@
     {
       "description": "The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.",
       "meta": {
+        "country": "RU",
         "refs": [
           "https://www.f-secure.com/documents/996508/1030745/callisto-group",
-          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
+          "https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe",
+          "https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe",
+          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
+          "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
+          "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign"
         ],
         "synonyms": [
-          "COLDRIVER"
+          "COLDRIVER",
+          "SEABORGIUM",
+          "TA446"
         ]
       },
       "uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",