RCS Galileo
Description
(F-Secure) In all known malicious attachments, the final payload was a variant of the “Scout” tool from the HackingTeam Remote Control System (RCS) Galileo hacking platform. HackingTeam is an Italian software company that created RCS, which they describe as “the hacking suite for governmental interception”. In July 2015, news emerged that HackingTeam had been breached. One of the consequences of this incident was the then latest version of RCS Galileo being leaked to the public.
As a result of the leak, both the source code and the ready-made installers for the RCS platform were made available for anyone to use. Based on our analysis of Callisto Group’s usage of RCS Galileo, we believe the Callisto Group did not utilize the leaked RCS Galileo source code, but rather used the leaked ready-made installers to set up their own installation of the RCS Galileo platform. The process for using the leaked installers to set up an RCS Galileo installation has been described online in publicly available blog posts, making the process trivial to achieve.
Names
| Name |
|---|
| RCS Galileo |
Category
Malware
Type
- Backdoor
- Info stealer
Information
Other Information
Uuid
5a23a112-d52e-4a02-83b1-ffb2fd8ddc3e
Last Card Change
2020-04-20