Outsourced Cyber Spying

Uploaded on 2020-11-23 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

Mercenary hacking groups offering Advanced Package Tools (APT) attacks are becoming more popular and their tactics, techniques and procedures can resemble highly sophisticated state-sponsored campaigns. 

Blackberry Research have documented the activity of a hackers-for-hire group, named as CostaRicto which has been monitored using new form of malware to target South Asian financial institutions and global entertainment companies.  The profiles and geography of their victims are very varied and so it is unlikely that this is just one hacking band and its likely that there are several different groups for hire.

Although in theory the customers of a mercenary APT might include anyone who can afford it, the more sophisticated actors will naturally choose to work with patrons of the highest profile, be it large organizations, influential individuals, or even governments.

Cyber criminals must choose very carefully when selecting their commissions to avoid the risk of being exposed. ​Outsourcing an espionage campaign, or part of it, to a mercenary group might be very compelling, especially to businesses and individuals who seek intelligence on their competition yet may not have the required tooling, infrastructure and experience to conduct an attack themselves. But even notorious adversaries experienced in cyber-espionage can benefit from adding a layer of indirection to their attacks. By using a mercenary as their proxy, the real attacker can better protect their identity and thwart attempts at attribution.

Targeting

Unlike most of the state-sponsored APT actors, the CostaRicto adversary seems to be indiscriminate when it comes to the victims' geography. Their targets are located in numerous countries across the globe with just a slight concentration in the South-Asian region. The list of other countries where victims were observed include China, the US, Bahamas, Australia, Mozambique, France, the Netherlands, Austria, Portugal and the Czech Republic.

Blackberry analysts noticed that one of the IP addresses employed in the attacks of the group has been linked to an earlier phishing campaign initially attributed to the Russia-linked APT28 group. This circumstance suggests that the Costaricto APT carried out attacks on behalf of other threat actors.

The victims’ profiles are diverse across several verticals, with a large portion being financial institutions. Like many of the other hacker-for-hire operations, this one appears to have been operational for at least many months, according to BlackBerry. While the earliest time stamps for the custom backdoor date to October of last year, the time stamps on the payload stagers, which date to 2017, could suggest a longer-running operation.

Blackberry:      Security Affairs:     CSOOnline:      CyberScoop:     Israel Defense

You Might Also Read:

Creating Post-Modern Intelligence:

 

« Attack & Defence At Manchester United Football Club
Coming Soon: Regulation Of Social Media »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.

SKADI Cyber Defense

SKADI Cyber Defense

At SKADI Cyber Defense, we specialize in enterprise-grade cybersecurity solutions tailored for small to medium businesses.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.