A hackers-for-hire operation has been discovered using bespoke malware to target South Asian financial institutions and global entertainment firms
A hackers-for-hire operation has recently been discovered using custom-built (bespoke) malware against financial institutions in South Asia and entertainment companies around the world.
Dubbed "CostaRicto" by the researchers who documented it, the campaign appears to be the work of a threat actor equipped with bespoke malware tooling and fairly sophisticated VPN-proxy and SSH-tunnelling capabilities.
The researchers stated that CostaRicto's targets are scattered across Europe, the Americas, Asia, Australia and Africa, but the largest concentration is in South Asia (notably India, Bangladesh and Singapore, as well as China). This suggests the threat actor could be based in that region while working through a wide range of commissions from diverse customers.
In the observed intrusions the attacker first obtains stolen user credentials, then sets up an SSH tunnel into the target environment and uses it to download a backdoor together with a payload loader known as CostaBricks. CostaBricks implements a C++-based virtual-machine mechanism: the payload is delivered as bytecode, which the loader's VM decodes and injects into memory, so the backdoor is reconstructed only at runtime.
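The SSH-tunnelling step above is something a defender can hunt for in process-creation telemetry. The following detection logic is an added example written for this article, not code from the researchers or from the CostaRicto tooling. It assumes Sysmon-style field names (Image, CommandLine, User, ParentImage) in newline-delimited JSON, which are an assumption about the log source, and the sample events below are constructed for the demonstration. It flags OpenSSH and PuTTY plink invocations that request local, remote or dynamic port forwarding (-L/-R/-D/-w, including clustered and attached forms such as -fNR8443:127.0.0.1:3389), sessions with no remote command (-N), and ProxyCommand set on the command line.

```python
"""Flag SSH client invocations that establish tunnels (added example).

Field names follow Sysmon process-creation events by assumption; adapt
the `Image`/`CommandLine`/`User` keys to whatever your EDR/SIEM emits.
"""
import json
import re
import shlex
from dataclasses import dataclass

SSH_BINARIES = {"ssh", "ssh.exe", "plink", "plink.exe"}
FORWARD_OPTS = {"L", "R", "D", "w"}            # local / remote / dynamic / tun forwarding
HINT_OPTS = {
    "N": "no remote command (-N): session exists only to carry forwards",
    "f": "backgrounded after authentication (-f)",
}
# OpenSSH short options that consume an argument; an option cluster ends there.
ARG_OPTS = set("bceilmopBDEFIJLOQRSwW")


@dataclass
class Finding:
    event_id: str
    user: str
    image: str
    reasons: list


def split_cmdline(cmdline: str) -> list:
    """Tokenise like a shell. Windows backslashes are doubled first so that
    POSIX-mode shlex does not consume them as escape characters."""
    try:
        return shlex.split(cmdline.replace("\\", "\\\\"))
    except ValueError:            # unbalanced quotes: fall back to whitespace split
        return cmdline.split()


def tunnel_indicators(argv: list) -> list:
    """Return human-readable reasons why argv looks like a tunnel setup."""
    reasons = []
    for i, tok in enumerate(argv[1:], start=1):
        if len(tok) < 2 or tok[0] != "-" or tok.startswith("--"):
            continue
        if tok.lower().startswith("-oproxycommand") or (
            tok == "-o" and i + 1 < len(argv)
            and argv[i + 1].lower().startswith("proxycommand")
        ):
            reasons.append("ProxyCommand set on the command line")
            continue
        for ch in tok[1:]:        # walk a possibly clustered option group, e.g. -fNR8443:...
            if ch in FORWARD_OPTS:
                reasons.append(f"port forwarding requested via -{ch}")
                break             # remainder of the token is the forwarding spec
            if ch in HINT_OPTS:
                reasons.append(HINT_OPTS[ch])
            elif ch in ARG_OPTS:
                break             # this option eats the rest of the token / next token
    # -f on its own (e.g. "ssh -f host xterm") is not enough to alert on.
    if reasons == [HINT_OPTS["f"]]:
        return []
    return reasons


def analyze(ndjson: str) -> list:
    """Run the indicator check over newline-delimited JSON process events."""
    findings = []
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        image = re.split(r"[\\/]", ev.get("Image", ""))[-1].lower()
        if image not in SSH_BINARIES:
            continue
        reasons = tunnel_indicators(split_cmdline(ev.get("CommandLine", "")))
        if reasons:
            findings.append(Finding(str(ev["id"]), ev.get("User", "?"), image, reasons))
    return findings


# Constructed sample events (not real telemetry); addresses are RFC 5737 test ranges.
SAMPLE_LOG = r"""
{"id":"1","User":"CORP\\jdoe","Image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"ssh.exe -fNR 8443:127.0.0.1:3389 svc@203.0.113.10"}
{"id":"2","User":"ops","Image":"/usr/bin/ssh","ParentImage":"/bin/bash","CommandLine":"ssh -D 1080 -N user@198.51.100.5"}
{"id":"3","User":"CORP\\dev1","Image":"C:\\Program Files\\Git\\usr\\bin\\ssh.exe","ParentImage":"C:\\Program Files\\Git\\cmd\\git.exe","CommandLine":"ssh -T git@github.com"}
{"id":"4","User":"CORP\\jdoe","Image":"C:\\Program Files\\PuTTY\\plink.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"\"C:\\Program Files\\PuTTY\\plink.exe\" -ssh -pw secret -R 2222:localhost:22 ops@203.0.113.10"}
{"id":"5","User":"ops","Image":"/usr/bin/ssh","ParentImage":"/bin/sh","CommandLine":"ssh -o ProxyCommand=\"nc -X connect %h %p\" srv.example.net"}
{"id":"6","User":"CORP\\jdoe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"powershell.exe -Command Get-Process"}
{"id":"7","User":"CORP\\admin","Image":"C:\\Windows\\System32\\OpenSSH\\ssh.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"ssh -i C:\\Users\\admin\\.ssh\\id_ed25519 -p 2222 -l admin 192.0.2.7"}
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"event {f.event_id} user={f.user} image={f.image}: " + "; ".join(f.reasons))
```

Events 1, 2, 4 and 5 are flagged; the plain `git` transport (3), the non-SSH process (6) and an ordinary interactive login with key, port and login-name options (7) are not. In production you would additionally join this with the parent process and the destination IP from network-connection events: an SSH tunnel spawned by an office application or a web-server worker, or terminating on an address nobody in the organisation administers, is far more interesting than one launched by an administrator from a terminal.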
The backdoor supports around 50 commands, grouped into areas such as task management (taskman), configuration, storage, debugging and networking. These range from injecting attacker-supplied DLLs into memory and enumerating files on disk to exfiltrating the captured information to an attacker-controlled server.
Reports indicate that the backdoor is under active development.

Outsourcing attacks to mercenary, financially motivated groups has several advantages for the party commissioning them: it saves time and resources, simplifies operations, and adds a layer of indirection that helps conceal the real identity of the threat actor.