RST TI Report Digest: 08 Dec 2025

In May–June 2025 the Calisto intrusion set targeted Reporters Without Borders with spear-phishing that impersonated trusted contacts via ProtonMail; attackers used a custom credential-harvesting kit employing Adversary-in-the-Middle (AITM)/ClickFix techniques to relay 2FA and steal credentials, and the report includes extensive IOCs (IP, domains, URLs) tied to the campaign.