Cyberattacks have been on the rise ever since the beginning of lockdown. Threats such as ransomware, phishing, and malware are now spread across the Dark Web, and a new one, cyber-espionage carried out by people for hire, is gaining momentum.
Indeed, the attackers are skilled in malware tooling, VPN proxies, and SSH tunneling, and are using this form of cyber-espionage, dubbed CostaRicto, to run long, covert campaigns. Cybercriminals often hire a group of mercenaries to protect their identity and avoid being caught. They can also use a third party if they require more tools or tech to achieve their goals. These mercenary groups mostly work for high-profile customers, including major organizations and sometimes even governments.
The CostaRicto campaign is targeting several countries, including the US, France, India, and China, with a focus on the South Asian region. The attackers are mostly targeting financial businesses.
The campaign’s aim is still unclear, although the attackers have worked to ensure long-term access to their victims and to set up covert channels for transferring data out of the victims’ infrastructure.
Many organizations have already fallen victim to this new cyber-espionage campaign, and for now there is no way to prevent these kinds of attacks. The only thing businesses can do right now is have good cybersecurity practices and infrastructure in place, including running vulnerability scans and using penetration testing.