A new hack-for-hire group is preying on targets in more than a dozen countries, according to research recently published by BlackBerry. BlackBerry calls the group, which it describes as a mercenary operation, “CostaRicto”. It goes after South Asian targets in particular, especially in Bangladesh, India and Singapore.
The group is not restricted to those countries: it also targets entities in the Americas, Africa, Europe and Australia, including Austria, the Bahamas, Mozambique, France, Portugal and the Netherlands, the researchers write in a blog post describing the operation.
It is not yet clear who exactly is behind the group, but its pattern of targeting in South Asia suggests the operators may be based in the region, the researchers say. They also assess that the group works on behalf of clients, based on the diversity of its targets and on the characteristics of its tool-set.
Its custom backdoor, dubbed SombRAT, is built in a way that suggests it is meant to be upgraded and reused over time, and adapted to different targeting needs.
“The constant development, detailed versioning system and well-structured code that allows for easy functionality expansion — all suggest that the toolset is part of a long-term project, rather than a one-off campaign,” the researchers write in the blog, adding that the diverse set of targets suggests assignments from clients rather than a singular, directed espionage campaign.
The group actively goes after its targets’ credentials in two ways: by spear-phishing them, or by buying already-stolen credentials on dark web markets, the researchers state.
CostaRicto is the latest in a series of hack-for-hire outfits that researchers have documented in recent months. BlackBerry previously reported on a similar shop, Bahamut, which used malicious applications, software flaws and disinformation to surveil targets in South Asia and the Middle East.
Other groups that have come to light include the Indian cybersecurity firm BellTroX and a group of mercenary hackers conducting operations on behalf of clients. Government-backed actors and well-resourced businesses that want to hide their involvement in surveillance operations, or that lack the skills in-house, are drawn to such hacking services and forums, the researchers note.
“Outsourcing attacks or certain parts of the attack chain to unaffiliated mercenary groups has several advantages for the adversary — it saves their time and resources and simplifies the procedures, but most importantly it provides an additional layer of indirection, which helps to protect the real identity of the threat actor,” BlackBerry researchers write.
Like many hack-for-hire operations, BlackBerry says, this one appears to have been active for some time. The earliest timestamps on the custom backdoor date to October of last year, and the timestamps on the payload stagers go back to 2017. Compile timestamps are written by whoever builds the binary and can be altered, so on their own they give an approximate rather than a proven timeline.
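As an added illustration of the evidence the timestamp claim rests on (example code written for this page, not BlackBerry’s tooling; the sample bytes, the stamp value and the “first seen” date are all constructed for the demonstration), the following reads IMAGE_FILE_HEADER.TimeDateStamp from a PE file using only the Python standard library and flags the two cases that make such a date untrustworthy: a zeroed stamp and a stamp later than the date the file was first observed.

```python
import struct
from datetime import datetime, timezone


def build_minimal_pe(timestamp):
    """Constructed sample data for this example: a minimal PE-shaped byte
    string (DOS header, PE signature, IMAGE_FILE_HEADER) whose TimeDateStamp
    is `timestamp` (seconds since the Unix epoch). It is not a real malware
    sample and is not executable; it only carries the headers needed to
    locate the stamp."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    # e_lfanew at offset 0x3C points at the PE signature; here the PE
    # header follows the DOS header directly.
    struct.pack_into("<I", dos_header, 0x3C, len(dos_header))
    # IMAGE_FILE_HEADER fields, in order: Machine, NumberOfSections,
    # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics.
    file_header = struct.pack("<HHIIIHH", 0x014C, 0, timestamp, 0, 0, 0, 0x0102)
    return bytes(dos_header) + b"PE\0\0" + file_header


def pe_timestamp(data):
    """Extract IMAGE_FILE_HEADER.TimeDateStamp from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # TimeDateStamp sits after the 4-byte signature plus Machine (2 bytes)
    # and NumberOfSections (2 bytes).
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def assess_timestamp(timestamp, first_seen_epoch):
    """Classify a compile timestamp against the epoch time at which the
    sample was first observed. Returns (iso_timestamp, verdict)."""
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    if timestamp == 0:
        verdict = "zero"        # stripped or reproducible build: no date information
    elif timestamp > first_seen_epoch:
        verdict = "future"      # postdates observation: forged stamp or clock skew
    else:
        verdict = "plausible"   # consistent, but still attacker-controlled
    return compiled.isoformat(), verdict


if __name__ == "__main__":
    # Constructed values: a stamp for 2019-10-01 00:00 UTC and a
    # first-seen time of 2020-11-12 00:00 UTC.
    sample = build_minimal_pe(1569888000)
    print(assess_timestamp(pe_timestamp(sample), 1605139200))
```

A “plausible” verdict only means the stamp is not self-contradictory; corroborating it with other evidence, such as the dates of the certificates, library versions or infrastructure the sample uses, is what turns a timestamp into a timeline.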
Source: Cyber Scoop