Security researchers from BlackBerry Research are tracking a cyberespionage group dubbed CostaRicto whose targets are unusually varied, indicating that it’s selling hacker-for-hire services to other entities. The group uses its own custom-built malware and a complex network of proxies, VPNs and SSH tunnels to hide its activity.

“Mercenary groups offering APT-style attacks are becoming more and more popular,” the BlackBerry researchers said in their report. “Their tactics, techniques, and procedures (TTPs) often resemble highly sophisticated state-sponsored campaigns, but the profiles and geography of their victims are far too diverse to be aligned with a single bad actor’s interests.”

CostaRicto targets multiple industries, geographic regions

The APT group has been operating since at least October 2019, but potentially as far back as 2017, based on timestamps in samples of its unique backdoor program. Its victims span multiple industry verticals, but many of them are financial institutions.

In terms of geography, the targets are based all over the world, but a concentration has been observed in South Asia, especially in India, Bangladesh and Singapore, suggesting the group might be based in and working for entities in that region. The list of other countries where victims were observed includes China, the US, Bahamas, Australia, Mozambique, France, the Netherlands, Austria, Portugal and the Czech Republic.

Hacker-for-hire groups sit at the intersection of two trends observed over the past few years: the adoption of APT techniques by non-state groups, including those traditionally associated with cybercrime, and the commoditization of cyberespionage through a new APT-as-a-service model. These changes in the threat landscape challenge traditional threat models and leave many organizations exposed because they haven’t considered themselves potential targets for cyberespionage in the past and don’t have the necessary defenses in place. This year we’ve seen reports of mercenary groups targeting law firms, financial consultancies and 3D modeling companies, suggesting that no organization, regardless of industry, can afford to ignore APTs anymore.

“With the undeniable success of ransomware-as-a-service (RaaS), it’s not surprising that the cybercriminal market has expanded its portfolio to add dedicated phishing and espionage campaigns to the list of services on offer,” the researchers said. “Outsourcing attacks or certain parts of the attack chain to unaffiliated mercenary groups has several advantages for the adversary—it saves their time and resources and simplifies the procedures, but most importantly it provides an additional layer of indirection, which helps to protect the real identity of the threat actor.”

Copyright © 2020 IDG Communications, Inc.
