
CostaRicto APT

Posted: November 13, 2020

CostaRicto APT is a suspected criminal organization that is likely to work with clients from all around the world, as long as they can afford its services. This Advanced Persistent Threat (APT) group has been active for over a year, but its toolset and campaigns have been observed thoroughly over the past six months. So far, the CostaRicto APT has managed to reach networks worldwide, but the majority of its victims appear to be situated in Southeast Asia. However, remnants of CostaRicto's tools have been discovered on networks in Africa, Europe, Australia, and both Americas.

Cybersecurity experts believe that the CostaRicto APT actors do not have a particular agenda, since their targets appear to be chosen at random. Typically, such behavior is associated with hacker-for-hire organizations, which serve the needs of the highest bidders.

The CostaRicto APT is a Suspected Hacker-For-Hire Group Operating around the Entire World

The group relies on custom-built and public utilities in its campaigns. Two of the most impressive tools used in its operations are SombRAT and CostaBricks. The latter is a complicated Trojan loader that uses code virtualization to hide its purpose, while the former is a Remote Access Trojan (RAT) with a modular structure.

Experts note that the CostaRicto APT tools appear to be well-maintained, and the criminals are certainly not planning to use them for one-off attacks. Instead, it is likely that the implants will continue to be improved and reused in future campaigns. The CostaRicto APT campaigns are still active as of November 2020, and only time will tell how much more mayhem they will cause in the future.
