CostaRicto
Description
(BlackBerry) During the past six months, the BlackBerry Research and Intelligence team have been monitoring a cyber-espionage campaign that is targeting disparate victims around the globe. The campaign, dubbed CostaRicto by BlackBerry, appears to be operated by “hackers-for-hire”, a group of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunnelling capabilities. Mercenary groups offering APT-style attacks are becoming more and more popular. Their tactics, techniques, and procedures (TTPs) often resemble highly sophisticated state-sponsored campaigns, but the profiles and geography of their victims are far too diverse to be aligned with a single bad actor’s interests. Although in theory the customers of a mercenary APT might include anyone who can afford it, the more sophisticated actors will naturally choose to work with patrons of the highest profile – be it large organizations, influential individuals, or even governments. Having a lot at stake, the cybercriminals must choose very carefully when selecting their commissions to avoid the risk of being exposed.
Names
| Name | Name-Giver |
|---|---|
| CostaRicto | BlackBerry |
Country
Motivation
- Financial gain
First Seen
2017
Observed Countries
- Australia
- Austria
- Bahamas
- Bangladesh
- China
- Czech
- France
- India
- Mozambique
- Netherlands
- Portugal
- Singapore
- USA
Tools
Information
AlienVault OTX
Other Information
Uuid
18339642-2d15-4dae-abfe-27abe661b911
Last Card Change
2021-01-07