BlackBerry discovers new hacker-for-hire mercenary group

November 13, 2020

BlackBerry’s security team has published details today about a new hacker-for-hire mercenary group that it discovered earlier this year and has tied to attacks on victims all over the world.

The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year after the likes of:

  • BellTrox (aka Dark Basin) [1, 2, 3]
  • DeathStalker (aka Deceptikons) [1, 2]
  • Bahamut [1, 2]
  • Unnamed group [1]

CostaRicto’s discovery also retroactively confirms a Google report from May, in which the US tech giant highlighted the increasing number of hacker-for-hire mercenary groups, especially those operating out of India.

However, while BellTrox has been linked to an Indian entity and Bahamut is suspected of operating out of India as well, details about CostaRicto’s current origins and whereabouts still remain unknown.

What is currently known is that the group has orchestrated attacks all over the globe across different countries in Europe, the Americas, Asia, Australia, and Africa.

However, BlackBerry says the biggest concentration of victims appears to be in South Asia, and especially India, Bangladesh, and Singapore, suggesting that the threat actor could be based in the region, “but working on a wide range of commissions from diverse clients.”

As for the nature of the targets, the BlackBerry Research and Intelligence Team said in a report today that “the victims’ profiles are diverse across several verticals, with a large portion being financial institutions.”

Furthermore, BlackBerry says that “the diversity and geography of the victims doesn’t fit a picture of a campaign sponsored by a particular state” but suggests that they are “a mix of targets that could be explained by different assignments commissioned by disparate entities.”

CostaRicto group linked to new sophisticated Sombra malware

BlackBerry also adds that while the group is using custom-built and never-before-seen malware, they are not operating using any innovative techniques.

Most of their attacks rely on stolen credentials or spear-phishing emails as the initial entry vector. These emails usually deliver a backdoor trojan that BlackBerry has named Sombra or SombRAT.

The backdoor trojan allows CostaRicto operators to access infected hosts, search for sensitive files, and exfiltrate important documents.

This data is usually sent back to CostaRicto command-and-control infrastructure, which BlackBerry says is usually hosted on the dark web and accessible only via Tor.

Furthermore, the infected hosts usually connect to these servers via a layer of proxies and SSH tunnels to hide the malicious traffic from the infected organizations.

All in all, BlackBerry says these practices “reveal better-than-average operation security,” when compared to your usual hacking groups.

All the CostaRicto malware samples that BlackBerry discovered have been traced back to as early as October 2019, but other clues in the gang’s servers suggest the group might have been active even earlier, as far back as 2017.

Furthermore, researchers said they also discovered an overlap with past campaigns from APT28, one of Russia’s military hacking units, but BlackBerry believes the server overlap may have been accidental.

Hacker-for-hire groups — the new landscape

For many years, most hacking groups have operated as stand-alone groups, carrying out financially-motivated attacks, stealing data, and selling it for their own profit.

The public exposures of BellTrox, DeathStalker, Bahamut, and CostaRicto this year show a maturing hacker-for-hire scene, with more and more groups renting their services to multiple customers with different agendas, instead of operating as lone wolves.

The next step in investigating these groups will need to look at who their clients are. Are they private corporations or foreign governments? Or are they both?

Credit: ZDNet
