In its new report, “The CostaRicto Campaign: Cyber-Espionage Outsourced,” BlackBerry describes a malicious campaign carried out by freelance mercenaries. Dubbed CostaRicto, the campaign is run by an APT (Advanced Persistent Threat) group with malware tooling, VPN proxy, and SSH tunnelling capabilities.
APT attacks often come from state-sponsored groups or even nation-states that have the means and motive to launch stealthy and prolonged campaigns.
By hiring a mercenary group to carry out the campaign, the real attackers can better protect their identity and elude any detection attempts. Such attackers may also use a third party if they lack the tools, technologies, or talents to execute a campaign from start to finish. A skilled mercenary group often chooses to work only with high-profile customers who can afford their services. These customers include influential organizations (such as Bytedance, Prospera Tech, Qualcomm, and SMIC), influential individuals, and even governments (i.e., Bahrain, China, Kuwait, Saudi Arabia, UAE).
Remember: Security is not for the passive! Be vigilant. Trust no one.