BlackBerry's security team has published details today about a new hacker-for-hire mercenary group that it discovered earlier this year and has tied to attacks on victims all over the world.
The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year after the likes of:
- BellTrox (aka Dark Basin) [1, 2, 3]
- DeathStalker (aka Deceptikons) [1, 2]
- Bahamut [1, 2]
- Unnamed group [1]
CostaRicto's discovery also retroactively confirms a Google report from May, in which the US tech giant highlighted the increasing number of hacker-for-hire mercenary groups[1], especially those operating out of India.
However, while BellTrox has been linked to an Indian entity and Bahamut is suspected of operating out of India as well, CostaRicto's origins and whereabouts remain unknown.
What is currently known is that the group has orchestrated attacks across the globe, in countries in Europe, the Americas, Asia, Australia, and Africa.
However, BlackBerry says the biggest concentration of victims appears to be in South Asia, and especially India, Bangladesh, and Singapore, suggesting that the threat actor could be based in the region, "but working on a wide range of commissions from diverse clients."
As for the nature of the targets, the BlackBerry Research and Intelligence Team said in a report today[2] that "the victims' profiles are diverse across several verticals, with a large portion being financial institutions."
Furthermore, BlackBerry says that "the diversity and geography of the victims doesn't fit a picture of a campaign sponsored by a particular state" but suggests that they are "a mix of targets that could be explained by different assignments commissioned by disparate entities."
CostaRicto group linked to new sophisticated Sombra malware
BlackBerry also