BlackBerry researchers are tracking what they believe to be a mercenary cyberespionage group whose campaign they’re calling “CostaRicto.” BlackBerry doesn’t speculate about who CostaRicto’s paymasters might be, but they offer four reasons for thinking it a mercenary operation. It uses bespoke malware; it shows systematic, continual development; it may share some network infrastructure with APT28 (Fancy Bear, Russia’s GRU), and its highly diversified target list suggests more than one customer.
Dragos finds that industrial control systems (ICS) are increasingly being subjected to the attentions of cyber threat actors. The researchers are following five distinct threat groups:
- CHRYSENE (APT34 or Helix Kitten) targets the petrochemical, oil and gas, manufacturing, and electric generation sectors. It’s expanded its interests beyond the Persian Gulf.
- MAGNALLIUM (APT33 or Elfin) is active against the energy and aerospace sectors, including their supporting sectors.
- PARISITE (Fox Kitten or Pioneer Kitten) works against electric utilities, aerospace, manufacturing, oil and gas entities, and governmental and non-governmental organizations.
- WASSONITE, associated with the Lazarus…