CostaRicto cyber mercenary group engaging in espionage for its clients 

BlackBerry investigators identified a group of hackers, active since at least October 2019, that sells its services to governments.

https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced

A new hacker group dubbed CostaRicto by BlackBerry investigators is selling its services to entities needing APT-level hacking expertise in cyber espionage campaigns that target many industrial sectors.  

The hacker-for-hire group's toolset includes customized malware that has never been seen before. The group also uses SSH tunnels established in the victims' networks and VPN proxies to hide its malicious activity and avoid being discovered.

The mercenaries attacked targets on almost every continent, including Europe (France, the Netherlands, Austria), Asia (China), America (US) and Australia, with an emphasis on targets in South Asia (India, Bangladesh and Singapore).

Based on the timestamps of the malware, the group has been active since at least October 2019. However, some of their payload stagers are old (2017), which suggests that they were used in previous campaigns for the delivery of other malicious payloads. 

The full technical report can be found here.


 
