Hackers-for-hire APT group found targeting businesses globally

A hackers-for-hire APT group is using a strain of never-before-seen malware and targeting businesses in the CostaRicto campaign.


The BlackBerry Research and Intelligence Team uncovered a cyber espionage campaign targeting financial institutions and entertainment firms across the globe. Researchers have dubbed this campaign CostaRicto.


According to BlackBerry researchers, this campaign appears to be the work of a hackers-for-hire APT mercenary group that possesses bespoke malware tools as well as SSH tunneling and VPN proxy capabilities.


The TTPs (tactics, techniques, and procedures) of such APT-style attacks are often similar to those of sophisticated state-sponsored targeted campaigns. However, the geography and profiles of their victims are far more diverse.



Researchers identified that CostaRicto targets countries across the Americas, Europe, Asia, Africa, and Australia. However, the highest concentration of victims is in South Asia, particularly China, India, Singapore, and Bangladesh. Presumably, the threat actor is based in this region but working for diverse clients worldwide.

Their attack method is relatively straightforward. They use stolen credentials to gain an initial foothold in the target firm's network and then set up an SSH tunnel through which a backdoor is downloaded.


Alongside this, the attackers deploy a payload loader named CostaBricks, which implements a C++ virtual machine mechanism that decodes the bytecode payload and injects it into memory.


Their C&C servers are managed through Tor or via a layer of proxies. They also establish a complicated network of SSH tunnels in the victim's environment, which suggests that the attackers practise above-average operational security.


The back ..
