A new hacker group dubbed CostaRicto by BlackBerry investigators is selling its services to entities needing APT-level hacking expertise in cyber espionage campaigns that target many industrial sectors.
The toolset of the hacker-for-hire group includes customized malware that has never been seen before, and also use of SSH tunnels established in the victims' networks and VPN proxies enabling them to hide their malicious activity and avoid being discovered.
The mercenaries attacked targets on almost every continent, including Europe (France, the Netherlands, Austria), Asia (China), America (US) and Australia, with an emphasis on targets in South Asia (India, Bangladesh and Singapore).
Based on the timestamps of the malware, the group has been active since at least October 2019. However, some of their payload stagers are old (2017), which suggests that they were used in previous campaigns for the delivery of other malicious payloads.
The full technical report can be found here.