
SombRAT

Posted: November 13, 2020

Hacking for hire has become a very profitable line of business for cybercriminals who are able to penetrate networks around the world. Such groups usually maintain a well-developed arsenal of tools, since their clients' money pays for the development. One of the groups recently linked to this kind of activity is tracked as CostaRicto. Its campaigns have been monitored for over six months, but malware researchers believe that the CostaRicto APT (Advanced Persistent Threat) group has been active for more than a year. Groups are labeled hackers-for-hire because their operations are spread across the globe and their targets rarely have any connection to one another, which usually indicates that they are not choosing the victims themselves but working to the instructions of the highest bidder.

This Hackers-For-Hire APT Group Uses the Custom-Built SombRAT

SombRAT is one of the signature tools seen in CostaRicto's recent campaigns. It appears to be written in C++ and has a modular structure: the core payload is limited in functionality, but its operators can extend its toolset on the fly by pushing additional modules to an infected host. Without add-ons, SombRAT can collect basic system information and download and execute modules or other binaries.

SombRAT communicates with its command-and-control server over either DNS tunneling or a direct TCP connection. According to antivirus vendor reports, it supports over 50 unique commands, most of which only become available once the corresponding module has been deployed. Those commands cover injecting DLLs into memory, managing processes and services, self-deletion, modifying the configuration, setting up a proxy, and more. Because the implant can use DNS as well as TCP for C2, blocking a known TCP control address alone may not cut off communication, so outbound DNS traffic from suspect hosts should be examined as well.
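The paragraph above says SombRAT can carry its C2 traffic inside DNS queries. The page does not describe SombRAT's actual encoding, so what follows is an added example that is not code from the original page and not a reproduction of the malware's protocol: a small heuristic detector that profiles DNS query logs per (client, registered domain) and flags the combination of many unique subdomains, high-entropy labels and long query names that DNS tunneling typically produces. The log record shape `(client, qname, qtype)`, the thresholds, the simplified registered-domain logic (last two labels, no public-suffix list) and the sample queries are all assumptions constructed for this example.

```python
"""Heuristic DNS-tunneling detector run over constructed query logs.

Added example: not SombRAT's own encoding, which is not public on this page.
"""
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """ASSUMPTION: registered domain is the last two labels (no public-suffix handling)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def subdomain_part(qname: str) -> str:
    """Everything left of the registered domain, with the dots removed."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2])


def profile_queries(queries):
    """Group (client, qname, qtype) records by (client, registered domain) and summarise."""
    groups = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                  "entropies": [], "max_len": 0, "qtypes": set()})
    for client, qname, qtype in queries:
        g = groups[(client, registered_domain(qname))]
        sub = subdomain_part(qname)
        g["queries"] += 1
        g["subdomains"].add(sub)
        g["entropies"].append(shannon_entropy(sub))
        g["max_len"] = max(g["max_len"], len(qname))
        g["qtypes"].add(qtype)
    return groups


def flag_tunneling(queries, min_unique=8, min_entropy=3.0, min_qname_len=40):
    """Flag a (client, domain) pair only when all three tunneling signals co-occur.

    Requiring many *unique* subdomains is what keeps a single long, hash-like
    CDN hostname from tripping the detector; tunnels must vary the label to
    carry data, so uniqueness climbs with every query.
    """
    flagged = []
    for (client, domain), g in profile_queries(queries).items():
        mean_entropy = sum(g["entropies"]) / len(g["entropies"])
        if (len(g["subdomains"]) >= min_unique
                and mean_entropy >= min_entropy
                and g["max_len"] >= min_qname_len):
            flagged.append({"client": client, "domain": domain,
                            "queries": g["queries"],
                            "unique_subdomains": len(g["subdomains"]),
                            "mean_entropy": round(mean_entropy, 2),
                            "qtypes": sorted(g["qtypes"])})
    return flagged


def _fake_chunk(i: int) -> str:
    """Constructed pseudo-random label standing in for an encoded C2 chunk."""
    return hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]


# Constructed sample log, not real traffic. 10.0.0.5 is ordinary browsing,
# including one long content-hash hostname of the kind CDNs emit.
BENIGN = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "A"),
    ("10.0.0.5", "cdn.example.com", "A"),
    ("10.0.0.5", "api.example.com", "A"),
    ("10.0.0.5", "d41d8cd98f00b204e9800998ecf8427e.assets.example.net", "A"),
]
# 10.0.0.7 sends twelve queries whose labels change every time.
TUNNEL = [("10.0.0.7", f"{_fake_chunk(i)[:20]}.{_fake_chunk(i)[20:]}.t.example.org", "TXT")
          for i in range(12)]
SAMPLE_QUERIES = BENIGN + TUNNEL

if __name__ == "__main__":
    for hit in flag_tunneling(SAMPLE_QUERIES):
        print(hit)
```

Run against real resolver or passive-DNS logs, the thresholds need tuning per environment, and the registered-domain helper should be replaced with a public-suffix-aware one before it sees names under suffixes such as `co.uk`; the point of the example is the combination of signals, not the specific numbers.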

Samples of SombRAT have been recovered from systems in Europe, Asia, Australia, and Africa, which underscores the wide reach of the CostaRicto operations. So far it has not been possible to determine where the operators are based, since hacker-for-hire groups are usually very careful not to reveal any details about their likely whereabouts.
