Go to listing page

Nation-State Hackers are Now Hiring Mercenary APT Groups

Nation-State Hackers are Now Hiring Mercenary APT Groups
Nation-state actors are now getting help from professional hacking groups that are offering Cybercrime-as-a-Service (CaaS) to carry out their operations. One of the biggest advantages provided by this tactic is anonymity. BlackBerry has released a detailed report on the emergence of such mercenary APT groups.

What’s in the report?

The 2021 Threat Report by BlackBerry sheds light on the significant rise of mercenary APT groups, and how they are offering CaaS to nation-state hackers.
  • Mercenary APT groups provide malicious operations, such as phishing, malware, network intrusion. 
  • Nation-state actors hire them to obtain certain access to systems or information in targeted attacks.
  • Hiring cyber mercenaries is the only way for some malicious intent-driven businesses or individuals to work with adequate tools, infrastructure, besides imparting experience to carry out an attack.
  • Further, such deals reduce the chance of nation-state actors being identified or linked with malicious activities, providing a cloak of anonymity.

Mercenary APT groups

The report talks about two mercenary APT groups that are active and offering such services for hire.
  • Bahamut - a well-resourced APT that has involvement in multiple espionage and disinformation campaigns. Recently, the group has been observed to be targeting government officials and private-sector VIPs located in the Middle East and South Asia.
  • CostaRicto - a hackers-for-hire mercenary group that mostly focuses on targets located in India, Bangladesh, and Singapore. This group has targeted multiple victims around the globe. 
  • DeathStalker - active since 2018, this group is interested in gathering information from law firms and companies in the financial sector.


One of the biggest challenges that arise from the involvement of such mercenary groups in campaigns is how to distinguish between the tools used by them and authentic users. Now that carrying out espionage attack campaigns has become only a matter of intent and money, government agencies and private organizations need to proactively defend themselves by having the right security solutions in place.

Cyware Publisher