high_confidence
CostaRicto
[CostaRicto](https://attack.mitre.org/campaigns/C0004) was a suspected hacker-for-hire cyber espionage campaign that targeted multiple industries worldwide, with a large number being financial institutions. [CostaRicto](https://attack.mitre.org/campaigns/C0004) actors targeted organizations in Europe, the Americas, Asia, Australia, and Africa, with a large concentration in South Asia (especially India, Bangladesh, and Singapore), using custom malware, open source tools, and a complex network of proxies and SSH tunnels. (Citation: BlackBerry CostaRicto November 2020)
Start date: 1 October 2019
End date: 1 November 2020
Techniques: 10
Techniques (10)
collection (1)
T1005 Data from Local System
command-and-control (3)
T1572 Protocol Tunneling
T1105 Ingress Tool Transfer
T1090.003 Multi-hop Proxy
discovery (1)
T1046 Network Service Discovery
execution (1)
T1053.005 Scheduled Task
initial-access (1)
T1133 External Remote Services
persistence (2)
T1133 External Remote Services
T1053.005 Scheduled Task
privilege-escalation (1)
T1053.005 Scheduled Task
resource-development (3)
T1587.001 Malware
T1588.002 Tool
T1583.001 Domains
Indicators of compromise
No IOCs linked to this campaign yet.