The rising scene of hack-for-fire companies has recently become more prominent. According to BlackBerry's security team, a new hacker-for-hire group has mobilized attacks across different countries all over the globe.
The CostaRicto campaign
Dubbed CostaRicto, it is the fifth hacker-for-hire mercenary group discovered in 2020.
- The victims of the attack appear to be in South Asia (especially India, Bangladesh, and Singapore), Europe, Africa, America, and Australia.
- The campaign prominently targets financial institutions, while some targets were observed across other verticals as well.
- The group has been seen using custom-built and never-before-seen malware with simple yet effective techniques.
The malware allows attackers to access infected hosts, search for sensitive files, and exfiltrate confidential documents.
- The initial entry vectors include stolen credentials from the dark web or spear-phishing emails to deploy a backdoor trojan named Sombra or SombRAT.
- With better-than-average operation security tactics, the group has been hosting its C2 infrastructure on the dark web.
- To evade detection, the group has been using complex VPN proxy and SSH tunneling capabilities.
Hacker-for-hire - a prominent trend
Several hacker-for-hire groups have already marked their success in various campaigns this year. In mid-2020, researchers had disclosed details about the BellTrox (aka Dark Basin), DeathStalker (aka Deceptikons), Bahamut, and unnamed hacker-for-hire groups.
- Last month, BlackBerry researchers disclosed that the Bahamut group had been using phishing, malicious apps, and zero-day attacks against its victims.
- In August, Bitdefender had found an unnamed hacker-for-hire group targeting an international architectural and video production company.
- In its Q1 2020 TAG Bulletin, Google had highlighted the increasing number of hacker-for-hire mercenary groups by disclosing seven coordinated political influence campaigns.
The discovery of the CostaRicto campaign has retroactively confirmed the maturing hacker-for-hire scene. More and more cybercriminals are renting their services to multiple customers with different agendas, and therefore, security analysts and agencies need to prepare their cyber defenses accordingly.